The User Activity Log WordPress plugin prior to 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated malicious users to conduct SQL injection attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
solwininfotech user activity log |