CVE-2023-3435

Name of the Vulnerable Software and Affected Versions User Activity Log WordPress plugin versions prior to 1.6.5

Description The issue arises from the plugin's failure to correctly sanitise and escape several parameters before using them in a SQL statement as part of its exportation feature. This allows unauthenticated attackers to conduct SQL injection attacks.

Recommendations For versions prior to 1.6.5, update to version 1.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the exportation feature until a patch is applied.