WordPress User Activity Log Plugin <= 1.6.2 is vulnerable to SQL Injection
CVE-2023-37966

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: User Activity Log
Vendor: CVE Published:; 31 October 2023

What is CVE-2023-37966?

The User Activity Log plugin by Solwin Infotech is susceptible to an SQL Injection vulnerability. This flaw allows an attacker to manipulate SQL queries, potentially leading to unauthorized access to the database and exposure of sensitive information. Affected versions range from n/a up to 1.6.2. It is crucial for users of this plugin to apply the necessary updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

User Activity Log <= 1.6.2

References

https://patchstack.com/database/vulnerability/user-activi...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2023
Vulnerability Reserved
Jul 11, 2023

Credit

LEE SE HYOUNG (Patchstack Alliance)