CVE-2023-3435
Severity
9.8CRITICAL
EPSS
0.6%
top 29.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 14
Description
The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9