History Log by Click5 WordPress Plugin SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in the History Log by Click5 WordPress plugin, affecting versions through 1.0.13. This vulnerability allows for improper neutralization of special elements used in SQL commands, enabling attackers to manipulate database queries and potentially access or modify database information.
Impact
Exploitation of this vulnerability allows for direct interaction with the WordPress site's database. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the WordPress site.
Remediation
Users of the History Log by Click5 WordPress plugin are advised to remove or replace the plugin, as it is likely abandoned and will not receive further updates or fixes. Deactivating the plugin does not eliminate the security threat unless a virtual patch is applied. Patchstack has issued a virtual patch to mitigate this vulnerability by blocking attacks until an official fix is available.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.