
Description

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database, but it doesn't escape the username when performing a SQL request, leading to a SQL injection vulnerability which can be exploited using a time-based technique by an unauthenticated attacker.

PUBLISHED Reserved 2023-11-08 | Published 2025-05-15 | Updated 2025-05-16 | Assigner WPScan

Problem types

CWE-89 SQL Injection

Product status

Default status: unaffected

Any version before 1.1.4: affected

Credits

Nicolas Surribas (finder)

WPScan (coordinator)

References

wpscan.com/...rability/b658e403-006c-4555-b1b2-3603e44f4411/ exploit vdb-entry technical-description

cve.org (CVE-2023-6030)

nvd.nist.gov (CVE-2023-6030)
