CVE-2023-3435 – This CVE describes an SQL injection vulnerabili... (How to Fix)

Q: What is the severity of CVE-2023-3435?

CVE-2023-3435 has a CVSS score of 9.8 (CRITICAL). This CVE describes an SQL injection vulnerability in the User Activity Log WordPress plugin. Unauthenticated attackers can exploit this flaw to execute arbitrary SQL commands through the plugin's export feature. Any WordPress site running affected versions of this plugin is vulnerable.

📋 TL;DR

This CVE describes an SQL injection vulnerability in the User Activity Log WordPress plugin. Unauthenticated attackers can exploit this flaw to execute arbitrary SQL commands through the plugin's export feature. Any WordPress site running affected versions of this plugin is vulnerable.

💻 Affected Systems

Products:

User Activity Log WordPress plugin

Versions: All versions before 1.6.5

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires the plugin to be installed and active on a WordPress site.

📦 What is this software?

User Activity Log by Solwininfotech

View all CVEs affecting User Activity Log →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, privilege escalation, or full site takeover via SQL injection.

🟠

Likely Case

Unauthenticated attackers extracting sensitive data from the WordPress database, including user credentials and configuration details.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially preventing data extraction.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities in WordPress plugins are frequently weaponized due to the large attack surface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.5

Vendor Advisory: https://wpscan.com/vulnerability/30a37a61-0d16-46f7-b9d8-721d983afc6b

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'User Activity Log' plugin. 4. Click 'Update Now' if available, or manually update to version 1.6.5 or later.

🔧 Temporary Workarounds

Disable User Activity Log plugin

all

Temporarily deactivate the vulnerable plugin until patching is possible.

wp plugin deactivate user-activity-log

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block SQL injection patterns
Restrict database user permissions to limit potential damage from SQL injection

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for User Activity Log version below 1.6.5

Check Version:

wp plugin get user-activity-log --field=version

Verify Fix Applied:

Confirm plugin version is 1.6.5 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts from export endpoints

Network Indicators:

HTTP requests to /wp-admin/admin-ajax.php with SQL injection payloads in parameters

SIEM Query:

source="web_server" AND (uri_path="/wp-admin/admin-ajax.php" AND (query="SELECT" OR query="UNION" OR query="--"))

📊 Metadata

CVE ID: CVE-2023-3435

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: August 14, 2023

Last Updated: November 21, 2024

🔗 References

https://wpscan.com/vulnerability/30a37a61-0d16-46f7-b9d8-721d983afc6b Exploit,Third Party Advisory
https://wpscan.com/vulnerability/30a37a61-0d16-46f7-b9d8-721d983afc6b Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON