← volver
CVE-2023-2761

User Activity Log < 1.6.3 - Admin+ SQL Injection

EPSS 0.7%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
24 jul 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.
Productos afectados
Unknown · User Activity Log