WordPress Plugin Vulnerabilities

User Activity Log < 1.6.5 - Unauthenticated SQLi

Description

The plugin does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.

Version 1.6.4 mitigates the issue for unauthenticated users but it is still exploitable by Subscribers and above.

Proof of Concept

Affects Plugins

Plugin icon
user-activity-log
Fixed in 1.6.5

References

CVE
CVE-2023-3435

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.6 (high)

Miscellaneous

Original Researcher
Marc Montpas
Submitter
Marc Montpas
Verified
Yes
WPVDB ID
30a37a61-0d16-46f7-b9d8-721d983afc6b

Timeline

Publicly Published
2023-07-24 (about 2 years ago)
Added
2023-07-24 (about 2 years ago)
Last Updated
2023-07-24 (about 2 years ago)

Other

Published
Title
Published
2023-11-09
Title
MainWP < 4.4.3.4 - Authenticated (Administrator+) SQL Injection
Published
2025-01-16
Title
ResAds <= 2.0.5 - Authenticated (Administrator+) SQL Injection
Published
2023-05-16
Title
Multiple Page Generator < 3.3.18 - Admin+ SQLi
Published
2024-06-10
Title
Blog2Social: Social Media Auto Post & Scheduler < 7.4.2 - Authenticated (Subscriber+) SQL Injection
Published
2015-11-28
Title
Double Opt-In for Download <= 2.0.8 - SQL Injection