PT-2025-21372 · WordPress · Logdash Activity Log

Nicolas Surribas · Published 2025-05-15 · Updated 2026-03-11 · CVE-2023-6030

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: LogDash Activity Log WordPress plugin versions prior to 1.1.4
Description: The plugin is vulnerable to SQL injection. It does not properly escape the username when performing SQL requests, specifically when logging failed login attempts through the wp_login_failed function. An unauthenticated attacker can exploit this using time-based techniques.
Recommendations: For versions prior to 1.1.4, update to version 1.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp_login_failed function until a patch is applied. Avoid using the username variable in affected SQL requests until the issue is resolved.
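The pattern behind this class of bug, and its fix, as an added example: this is not LogDash's source code. The table name, column names and function names are hypothetical; only the wp_login_failed hook and the $wpdb methods are real WordPress APIs.

```php
<?php
/**
 * Plugin Name: Failed-login logger (added example, hypothetical)
 * Assumed table: {$wpdb->prefix}example_login_log (user_login, ip, created_at).
 */

// UNSAFE pattern, shown as a comment only: the login name typed into the
// login form is pasted into the SQL text, so a quote in it changes the query.
//   $wpdb->query( "INSERT INTO $table (user_login) VALUES ('$username')" );

// WordPress fires wp_login_failed with the submitted username on every
// failed authentication, before any account exists for the caller.
add_action( 'wp_login_failed', 'example_log_failed_login', 10, 1 );

function example_log_failed_login( $username ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_login_log'; // built from trusted config only

    // Treat the name as hostile data; cap it at the wp_users.user_login width.
    $username = mb_substr( (string) $username, 0, 60 );

    // Store the address only if it parses as an IP, otherwise an empty string.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    $ip = filter_var( $ip, FILTER_VALIDATE_IP ) ? $ip : '';

    // $wpdb->insert() binds each value through a %s placeholder, so the
    // username is never interpreted as SQL.
    $wpdb->insert(
        $table,
        array(
            'user_login' => $username,
            'ip'         => $ip,
            'created_at' => current_time( 'mysql', true ),
        ),
        array( '%s', '%s', '%s' )
    );
}

// Reads follow the same rule: placeholders through $wpdb->prepare(),
// never string concatenation of request data.
function example_count_failures( $username ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_login_log';
    return (int) $wpdb->get_var(
        $wpdb->prepare( "SELECT COUNT(*) FROM {$table} WHERE user_login = %s", $username )
    );
}
```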

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2023-6030

Affected Products: Logdash Activity Log