WordPress Plugin Vulnerabilities

WP Activity Log < 4.1.5 - SQL Injection in External Database Module

Description

Two SQL Injection vulnerabilities were identified in the WP Activity Log WordPress plugin.

The changelog of the plugin states:

"SQL Injection in external database module reported by WP deeply. Thank you for the responsible disclosure."

Affects Plugins

wp-security-audit-log

Fixed in version 4.1.5

References

URL

https://plugins.trac.wordpress.org/changeset/2412493/wp-security-audit-log

URL

https://github.com/WPWhiteSecurity/wp-activity-log/commit/150c6828e05f50b6a119109f0f392cd9e87ff217

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

WP deeply

Verified

WPVDB ID

4ec13b3c-7fc9-4d9a-98f5-e59187d128a4

Timeline

Publicly Published

2020-11-02 (about 1 years ago)

Added

2020-11-08 (about 1 years ago)

Last Updated

2020-11-09 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin