SQL Injection Vulnerability Affects User Activity Log Pro
CVE-2024-32137

8.5HIGH

Key Information:

Vendor: WordPress
Status: User Activity Log Pro
Vendor: CVE Published:; 15 April 2024

What is CVE-2024-32137?

An SQL injection vulnerability has been identified in the User Activity Log Pro plugin by Solwin. This issue occurs due to improper neutralization of special elements within SQL commands, allowing an attacker to manipulate queries made to the database. Successful exploitation of this vulnerability can lead to unauthorized access, data extraction, and potential compromise of the application's integrity. This affects versions of User Activity Log Pro ranging from n/a through 2.3.4, highlighting the importance of immediate remediation and secure coding practices.

Affected Version(s)

User Activity Log Pro <= 2.3.4

References

https://patchstack.com/database/vulnerability/user-activi...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Apr 11, 2024

Credit

Dave Jong (Patchstack)