SQL Injection Vulnerability Affects User Activity Log
CVE-2024-31356

7.6HIGH

Key Information:

Vendor: WordPress
Status: User Activity Log
Vendor: CVE Published:; 10 April 2024

What is CVE-2024-31356?

The vulnerability occurs due to improper neutralization of special elements used in SQL commands, allowing attackers to execute unauthorized SQL queries. This can lead to the exposure of sensitive data and unauthorized administrative actions within the User Activity Log plugin for WordPress, specifically affecting versions from n/a to 1.8. Attackers could exploit this weakness to gain access to the backend database and compromise the integrity of the web application.

Affected Version(s)

User Activity Log <= 1.8

References

https://patchstack.com/database/vulnerability/user-activi...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Apr 1, 2024

Credit

Muhammad Daffa (Patchstack Alliance)