LogDash Activity Log WordPress Plugin SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in the LogDash Activity Log WordPress plugin, affecting versions prior to 1.1.4. The plugin records failed login attempts by hooking the wp_login_failed action, but it does not properly escape the submitted username before using it in certain SQL queries. Because the hook fires for every failed login, the unescaped value is reachable by unauthenticated attackers, who can exploit it using time-based (blind) techniques.
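To make the defect class concrete, the following is an added illustration written for this page; it is not the plugin's own code and does not reproduce its queries. It assumes the WordPress globals and helpers ($wpdb, add_action, current_time, sanitize_text_field) and a hypothetical logging table named {$wpdb->prefix}logdash_activity with columns user_login, event and created_at. The first function shows the unsafe pattern the advisory describes (username interpolated straight into SQL); the second shows the standard fix with $wpdb->prepare().

```php
<?php
// Added example for this advisory, not code from the LogDash plugin.
// Assumes WordPress is loaded and a hypothetical table
// {$wpdb->prefix}logdash_activity (user_login, event, created_at) exists.

// UNSAFE pattern: the username passed to the wp_login_failed action is
// interpolated directly into the query string. Whatever is typed into the
// login form's username field becomes part of the SQL the database parses,
// including quotes, comments and time-delay expressions, which is exactly
// what a time-based blind injection relies on.
function logdash_example_log_failed_login_unsafe( $username ) {
    global $wpdb;
    $table = $wpdb->prefix . 'logdash_activity';
    $sql   = "INSERT INTO {$table} (user_login, event, created_at) "
           . "VALUES ('{$username}', 'login_failed', '" . current_time( 'mysql' ) . "')";
    $wpdb->query( $sql );
}

// HARDENED form: $wpdb->prepare() binds each value through a %s placeholder
// (it adds the surrounding quotes and escapes the value itself), so the
// username is always stored as data and never interpreted as SQL. The table
// name is still interpolated because it is derived from the trusted
// $wpdb->prefix, not from user input.
function logdash_example_log_failed_login_safe( $username ) {
    global $wpdb;
    $table    = $wpdb->prefix . 'logdash_activity';
    $username = sanitize_text_field( (string) $username ); // trims tags/control chars; not a substitute for prepare()
    $wpdb->query(
        $wpdb->prepare(
            "INSERT INTO {$table} (user_login, event, created_at) VALUES (%s, %s, %s)",
            $username,
            'login_failed',
            current_time( 'mysql' )
        )
    );
}

// wp_login_failed is a core WordPress action that fires with the attempted
// username on every failed login, authenticated or not. Registering the
// hardened callback here mirrors where a plugin would hook it.
add_action( 'wp_login_failed', 'logdash_example_log_failed_login_safe', 10, 1 );
```

For review purposes, the thing to check in any activity-logging plugin is whether every value that originates from a login form, a request header or a URL reaches $wpdb through prepare() (or an equivalent parameterised API) rather than through string concatenation; the login-failure path deserves particular attention because it runs before any authentication succeeds.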
Impact
Exploitation of this vulnerability allows an attacker to alter the SQL queries the plugin sends to the database. Because the affected query produces no visible output, it is exploited with time-based techniques: the attacker injects expressions that delay the database's response and uses the presence or absence of that delay to infer information about the database or the application, one bit at a time.
Remediation
Users are advised to update the LogDash Activity Log WordPress plugin to version 1.1.4 or later.
