User Activity Log < 1.6.5 - Unauthenticated SQLi
CVE-2023-3435
9.8CRITICAL
What is CVE-2023-3435?
The User Activity Log Plugin for WordPress prior to version 1.6.5 contains a flaw that allows unauthenticated attackers to execute SQL injection attacks. This is due to improper sanitization and escaping of input parameters when generating SQL statements during the export feature. Exploiting this vulnerability could enable attackers to manipulate database queries, potentially leading to unauthorized data disclosure or alteration.
Affected Version(s)
User Activity Log 0 < 1.6.5