cbcvebase.
CVE-2023-6030
published 2025-05-15

CVE-2023-6030: The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to…

PriorityP339medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
EXPLOIT
EPSS
0.75%
50.2th percentile
The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploited using time-based technique by unauthenticated attacker

Affected

1 ranges
VendorProductVersion rangeFixed in
deryckoelogdash_activity_log< 1.1.41.1.4
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.