ThreatPress

WordPress Vulnerability Database

Back

WordPress WP Activity Log plugin <= 4.1.4 - SQL Injection (SQLi) in External Database Module vulnerability

Product
WP Activity Log
Description
SQL Injection (SQLi) in External Database Module vulnerability found by WP deeply in WordPress WP Activity Log plugin (versions <= 4.1.4 ).
Solution
Update the WordPress WP Activity Log plugin to the latest available version (at least 4.1.5).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Vulnerability details
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 4.1.4
Fixed In 4.1.5
Disclosure date
2020-11-14
Credits
WP deeply