cleantalk
Vulnerabilities and Security Researches

User Activity Log, CVE-2023-3435

CVE, Research URL

CVE-2023-3435

Home page URL

Security reports for User Activity Log

Application

User Activity Log

Published on
Aug 15, 2023
Research Description
The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.
Affected versions
max 1.6.6.
Status
vulnerable
Previous vulnerability researches
User Activity Log (CVE-2023-3435) , Jun 07, 2024
User Activity Log (d3f2489e82d0ec4cee04bbfb445022606b02a5a5) , Jun 07, 2024
User Activity Log (CVE-2023-2761) , Jun 07, 2024
User Activity Log (CVE-2023-4279) , Jun 07, 2024
User Activity Log (CVE-2023-4269) , Jun 07, 2024
New vulnerability
Serious Slider (CVE-2026-25399) , Feb 28, 2026
Omnipress (CVE-2026-25432) , Feb 28, 2026
MDirector Newsletter (CVE-2025-14852) , Feb 28, 2026
Alma – Pay in installments or later for WooCommerce (CVE-2026-24999) , Feb 28, 2026
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2026-25019) , Feb 27, 2026