The User Activity Log WordPress plugin prior to 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high-privilege users such as admin.
Vulnerable Product |
---|
solwininfotech user activity log |