CVE-2023-2761

Name of the Vulnerable Software and Affected Versions User Activity Log WordPress plugin versions prior to 1.6.3

Description The issue arises from the improper sanitization and escaping of the txtsearch parameter in SQL statements on certain admin pages, leading to a SQL injection that can be exploited by high-privilege users, such as administrators.

Recommendations For versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin pages that use the txtsearch parameter in SQL statements until the update is applied.