CVE-2023-6030 — MEDIUM (5.4)

Q: How severe is CVE-2023-6030?

CVE-2023-6030 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-6030?

Check the references section above for vendor advisories and patch information. Affected products include: Deryckoe Logdash Activity Log.

Vulnerability Description

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploited using time-based technique by unauthenticated attacker

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Deryckoe	Logdash Activity Log	< 1.1.4

Related Weaknesses (CWE)

CWE-89

References

https://wpscan.com/vulnerability/b658e403-006c-4555-b1b2-3603e44f4411/ExploitThird Party Advisory

FAQ

What is CVE-2023-6030?

CVE-2023-6030 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn't escape the use...

How severe is CVE-2023-6030?

CVE-2023-6030 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6030?

Check the references section above for vendor advisories and patch information. Affected products include: Deryckoe Logdash Activity Log.