CVE-2023-2761

7.2 HIGH

📋 TL;DR

This SQL injection vulnerability in the User Activity Log WordPress plugin allows authenticated administrators to execute arbitrary SQL commands on the database. The vulnerability affects WordPress sites running plugin versions before 1.6.3, potentially leading to data theft, modification, or deletion.

💻 Affected Systems

Products:
  • User Activity Log WordPress plugin
Versions: All versions before 1.6.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress administrator privileges to exploit. Affects all WordPress installations with vulnerable plugin versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator privilege escalation leading to complete database compromise, data exfiltration, or site takeover via SQL injection.

🟠 Likely Case

Privileged user exploits SQL injection to access sensitive data, modify user permissions, or disrupt site functionality.

🟢 If Mitigated

Limited impact due to proper access controls and monitoring, with only authorized administrators able to trigger the vulnerability.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator-level access. Public proof-of-concept available through WPScan references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.3

Vendor Advisory: https://wpscan.com/vulnerability/8c82d317-f9f9-4e25-a7f1-43edb77e8aba

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'User Activity Log' plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.6.3+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (applies to: all)

Disable the vulnerable plugin until patched:

wp plugin deactivate user-activity-log

Input Validation via WAF (applies to: all)

Configure the web application firewall to block SQL injection patterns in the txtsearch parameter.

🧯 If You Can't Patch

  • Restrict administrator accounts to trusted personnel only
  • Implement database monitoring for unusual SQL queries from WordPress

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins → Installed Plugins

Check Version:

wp plugin get user-activity-log --field=version

Verify Fix Applied:

Confirm plugin version is 1.6.3 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by admin panel access

Network Indicators:

  • POST requests to admin-ajax.php or admin pages with SQL injection patterns in parameters

SIEM Query:

source="wordpress.log" AND "txtsearch" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE")
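The SIEM query above matches its keywords anywhere in a log line, so ordinary search terms such as "selected" also trigger it. The following Python example is added here and is not part of the advisory: it extracts the decoded txtsearch parameter from constructed access-log lines and flags only values that carry one of the same keywords as a whole word.

```python
# Added example (not from the advisory): flag requests whose txtsearch
# parameter carries SQL keywords, narrowing the SIEM query's intent.
import re
from urllib.parse import urlparse, parse_qs

# Same keyword set as the advisory's SIEM query; word-bounded so that
# "selected" or "deleted" inside a normal search term does not match.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|INSERT|DELETE)\b", re.IGNORECASE)

# Constructed sample lines in a common access-log layout (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/May/2023:10:00:01 +0000] "GET /wp-admin/admin.php?page=user-activity-log&txtsearch=login HTTP/1.1" 200 512
10.0.0.5 - - [01/May/2023:10:00:09 +0000] "GET /wp-admin/admin.php?page=user-activity-log&txtsearch=selected+users HTTP/1.1" 200 498
10.0.0.9 - - [01/May/2023:10:02:13 +0000] "GET /wp-admin/admin.php?page=user-activity-log&txtsearch=x%27+UNION+SELECT+1 HTTP/1.1" 200 730
10.0.0.9 - - [01/May/2023:10:02:20 +0000] "GET /wp-admin/admin.php?page=plugins&union=SELECT HTTP/1.1" 200 300
"""

# client ip, timestamp, method, request target, status code
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def extract_txtsearch(url):
    """Return the URL-decoded txtsearch values of a request target ([] if absent)."""
    qs = parse_qs(urlparse(url).query, keep_blank_values=True)
    return qs.get("txtsearch", [])


def find_suspicious(log_text):
    """Return (client_ip, timestamp, txtsearch_value) for each line whose
    txtsearch parameter contains one of the SQL keywords as a whole word."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected layout
        ip, ts, _method, url, _status = m.groups()
        for value in extract_txtsearch(url):
            if SQL_KEYWORDS.search(value):
                hits.append((ip, ts, value))
    return hits


if __name__ == "__main__":
    for ip, ts, value in find_suspicious(SAMPLE_LOG):
        print(f"{ts} {ip} txtsearch={value!r}")
```

Only the third sample line is reported; the "selected users" search and the request without a txtsearch parameter are left alone.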

🔗 References
