CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-6030

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploited using time-based technique by unauthenticated attacker

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.0%

CVSS Severity

CVSS v3 Score 5.4

References

https://wpscan.com/vulnerability/b658e403-006c-4555-b1b2-3603e44f4411/

Products affected by CVE-2023-6030

Deryckoe » Logdash Activity Log » Version: 1.0

cpe:2.3:a:deryckoe:logdash_activity_log:1.0
Deryckoe » Logdash Activity Log » Version: 1.1

cpe:2.3:a:deryckoe:logdash_activity_log:1.1
Deryckoe » Logdash Activity Log » Version: 1.1.2

cpe:2.3:a:deryckoe:logdash_activity_log:1.1.2
Deryckoe » Logdash Activity Log » Version: 1.1.3

cpe:2.3:a:deryckoe:logdash_activity_log:1.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-6030

Products

Pricing

Contact Us