CVE-2023-6030
Published 2025-05-15
Priority: P3 · 39 · medium · 5.4 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EXPLOIT
EPSS: 0.75% (50.2th percentile)
The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database, but it does not escape the username when it performs the SQL query. This leads to a SQL injection vulnerability that can be exploited by an unauthenticated attacker using a time-based technique.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deryckoe | logdash_activity_log | < 1.1.4 | 1.1.4 |
No detection rules found.
Nuclei
LogDash Activity Log <= 1.1.3 - SQL Injection
nuclei·CVSS 5.4
CVE-2023-6030 [MEDIUM] LogDash Activity Log <= 1.1.3 - SQL Injection
LogDash Activity Log =7'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
condition: and
# digest: 4b0a0048304602210089c7b743ba7459e316590f13a58913ee70ae490f59760c72227fca30af5a2bc7022100ea3d3715d469e21c18c471b2bdd90e2001a1054388df136f755221991c928f28:922c64590222798bb761d5b6d8e72950