CVE-2023-37966

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in the WordPress User Activity Log plugin (Solwin Infotech) lets an unauthenticated attacker inject arbitrary SQL into a database query the plugin builds. It affects every WordPress site running plugin version 1.6.2 or earlier with the plugin active. Successful exploitation can read or modify database contents, including WordPress user records, and can lead to complete compromise of the site's database.

💻 Affected Systems

Products:
  • Solwin Infotech User Activity Log WordPress Plugin
Versions: All versions up to and including 1.6.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with the vulnerable plugin activated.

📦 What is this software?

User Activity Log is a WordPress plugin by Solwin Infotech that records actions performed by users on a site (logins, content changes, plugin and settings changes) so administrators can audit them. Its records, like everything else in WordPress, live in the site's MySQL/MariaDB database, which is what the injection exposes.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise: read and write access to every table the WordPress database user can reach, including wp_users password hashes and wp_options. An attacker who can write to wp_users/wp_usermeta can add an administrator account, and a WordPress administrator can normally execute PHP through plugin or theme upload, so the realistic ceiling is code execution on the web server.

🟠 Likely Case

Data exfiltration: the plugin's activity records, plugin and site settings in wp_options, and WordPress usernames, e-mail addresses and password hashes from wp_users (hashes can be cracked offline).

🟢 If Mitigated

Plugin deactivated or removed: no exposure from this bug. WAF-only mitigation: opportunistic scanners are blocked, but signature rules are routinely bypassed with encoding and comment tricks, so treat a WAF as a stopgap rather than a fix.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated SQL injection in WordPress plugins is mass-scanned shortly after disclosure; once the injectable parameter is known, tools such as sqlmap automate extraction, so exploitation requires little skill and no credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.3 or later

Vendor Advisory: https://wordpress.org/plugins/user-activity-log/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'User Activity Log' and click 'Update Now'.
4. Verify that the installed version is 1.6.3 or higher.

🔧 Temporary Workarounds

Disable Plugin (all platforms)

Deactivate the vulnerable plugin until it is patched. Deactivation stops the plugin's code from loading, which removes the injectable code path entirely; it is the only workaround that fully closes the hole.

wp plugin deactivate user-activity-log

Web Application Firewall (all platforms)

Add WAF rules that block SQL injection patterns (UNION SELECT, SLEEP/BENCHMARK, comment sequences) in requests that reach the plugin. Match on the URL-decoded request, since encoded payloads bypass naive string rules, and expect determined attackers to evade signatures; use this only to reduce exposure while the update is scheduled.

🧯 If You Can't Patch

  • The real fix is in the plugin code (parameterising the vulnerable query; WordPress provides $wpdb->prepare() for this). A site operator cannot apply that without modifying the plugin, so if you cannot update, deactivate it.
  • Restricting database privileges offers little protection here: WordPress and all its plugins share one database user, which needs SELECT, INSERT, UPDATE and DELETE on the WordPress tables, so injected queries run with the same rights as the site itself. Revoking FILE, PROCESS and other global privileges from that user, and denying it access to other databases on the same server, does limit how far a compromise can spread.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > User Activity Log version number

Check Version:

wp plugin get user-activity-log --field=version

Verify Fix Applied:

Confirm plugin version is 1.6.3 or higher in WordPress admin
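
Where wp-cli is not available (a mounted backup, a container image, a host you can only read files on), the version can be read from the WordPress plugin header instead. The script below is an added example for this advisory, not code from the plugin or its vendor. It assumes the plugin's main file is wp-content/plugins/user-activity-log/user-activity-log.php (the slug directory is standard; the file name is an assumption), and the header text it parses is a constructed sample, not the real plugin's header. It also shows the comparison pitfall a shell one-liner easily gets wrong: "1.6.10" sorts below "1.6.3" as a string but is a later release.

```python
"""Check whether an installed User Activity Log plugin is older than the fixed
release (1.6.3) by reading the WordPress plugin header. Added example for this
advisory, not code from the plugin or its vendor. DEFAULT_PLUGIN_FILE is an
assumption: the slug directory is standard, the main file name may differ."""
import re
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION = "1.6.3"
DEFAULT_PLUGIN_FILE = "wp-content/plugins/user-activity-log/user-activity-log.php"

# Constructed sample of a standard WordPress plugin header block; the real
# plugin's header text is not reproduced here.
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: User Activity Log
 * Plugin URI:  https://wordpress.org/plugins/user-activity-log/
 * Description: Logs user activity on the site.
 * Version:     1.6.2
 * Author:      Solwin Infotech
 */
"""

# Same shape as the header pattern WordPress uses in get_file_data(): the key
# may be preceded by comment decoration, the value runs to end of line.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(?P<v>\S+)", re.MULTILINE)


def header_version(text: str) -> Optional[str]:
    """Extract the Version header value from the first 8 KiB, or None if absent."""
    m = HEADER_RE.search(text[:8192])
    return m.group("v").strip() if m else None


def parse_version(value: str) -> Tuple[int, ...]:
    """Split '1.6.10' into (1, 6, 10) so comparison is numeric per segment.
    Non-numeric segments (e.g. 'beta') become -1 so pre-releases sort below
    the corresponding release."""
    return tuple(int(p) if p.isdigit() else -1 for p in re.split(r"[.\-]", value))


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is lower than, equal to or higher than b.
    Shorter tuples are zero-padded so '1.6' == '1.6.0'."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is below the first fixed release."""
    return compare_versions(version, fixed) < 0


def check_plugin_file(path: str = DEFAULT_PLUGIN_FILE) -> dict:
    """Read the plugin's main file and report its version and exposure."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    version = header_version(text)
    return {
        "path": path,
        "version": version,
        "vulnerable": None if version is None else is_vulnerable(version),
    }


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PLUGIN_FILE
    try:
        print(check_plugin_file(target))
    except FileNotFoundError:
        print(f"{target}: not found (plugin not installed, or main file named differently)")
```

Run it from the WordPress root, or pass the path to the plugin's main file as the first argument; a result of `"vulnerable": None` means no Version header was found and the file should be inspected by hand.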

📡 Detection & Monitoring

Log Indicators:

  • Web-server access logs: requests to the plugin's endpoints whose query string, once URL-decoded, contains UNION SELECT, SLEEP(, BENCHMARK(, information_schema or comment terminators (-- , /*), often repeated from one IP with small variations
  • WordPress debug log or PHP error log: "WordPress database error" entries produced by malformed queries while the attacker probes the injection
  • MySQL general or slow query log: queries touching wp_users or information_schema that the plugin never issues in normal use, or long-running SLEEP()-padded queries
  • Unexpected new rows in wp_users/wp_usermeta (a new administrator) or changes to wp_options

Network Indicators:

  • HTTP requests with SQL syntax in parameters, including URL-encoded and double-encoded forms
  • Bursts of near-identical requests to one endpoint with only the payload changing, typical of sqlmap-style enumeration

SIEM Query:

source="web_logs" AND ("SELECT" OR "UNION" OR "INSERT" OR "UPDATE" OR "DELETE") AND "user-activity-log"

Treat this as a coarse first pass: it fires on any request that mentions the plugin slug together with a common English word, and it misses requests routed through admin-ajax.php or carrying URL-encoded payloads. Refine it by URL-decoding the query string before matching, requiring combinations such as UNION followed by SELECT, and adding time-based markers (SLEEP, BENCHMARK).
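
The detection logic the SIEM query above approximates, run over a handful of access-log lines, as an added example for this advisory (not code from the original page or the plugin vendor). The endpoint (`admin-ajax.php?action=plugin_action`) and parameter name (`orderby`) are placeholders because the page does not name the injectable parameter; the log lines are constructed. The example goes beyond the single-keyword query: it parses combined log format, URL-decodes twice to catch double encoding, and requires keyword combinations so that a benign search for "select a plan" is not flagged.

```python
"""Flag SQL-injection attempts against a WordPress plugin in web-server access
logs. Added example for this advisory, not vendor or original-page code. The
endpoint and parameter names in SAMPLE_LOG are placeholders, not the plugin's
real request shape; the log lines are constructed."""
import re
from typing import Dict, List
from urllib.parse import unquote_plus

# Constructed combined-format access-log lines (placeholder endpoint/parameter).
SAMPLE_LOG = r"""
192.0.2.10 - - [10/Jul/2023:10:00:40 +0000] "GET /wp-admin/admin-ajax.php?action=plugin_action&orderby=id HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jul/2023:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=plugin_action&orderby=id%20UNION%20SELECT%201,user_login,user_pass%20FROM%20wp_users--%20- HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jul/2023:10:02:30 +0000] "GET /?s=select+a+plan HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jul/2023:10:03:11 +0000] "GET /wp-admin/admin-ajax.php?action=plugin_action&orderby=id%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 512 "-" "sqlmap/1.7"
198.51.100.7 - - [10/Jul/2023:10:04:02 +0000] "GET /wp-admin/admin-ajax.php?action=plugin_action&orderby=id%2520UNION%2520ALL%2520SELECT%2520NULL,NULL HTTP/1.1" 200 512 "-" "python-requests/2.31"
"""

# Apache/nginx combined log format: ip ident user [ts] "method target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Rules run against the URL-decoded, whitespace-collapsed, lower-cased target.
# Each needs a keyword combination, not a lone word, to keep false positives down.
RULES: Dict[str, "re.Pattern"] = {
    "union_select": re.compile(r"\bunion\b(?:\s|/\*.*?\*/)+(?:all\s+)?select\b"),
    "time_based": re.compile(r"\b(?:sleep|benchmark)\s*\("),
    "schema_probe": re.compile(r"\binformation_schema\b"),
    "comment_terminator": re.compile(r"--(?:\s|$)|/\*"),
    "quote_boolean": re.compile(r"['\"]\s*(?:or|and)\s+['\"\w]+\s*=\s*['\"\w]+"),
}


def normalize(target: str) -> str:
    """URL-decode up to twice (catches %25-style double encoding), then
    collapse whitespace and lower-case so the rules see one canonical form."""
    decoded = target
    for _ in range(2):
        once = unquote_plus(decoded)
        if once == decoded:
            break
        decoded = once
    return re.sub(r"\s+", " ", decoded).strip().lower()


def classify(target: str) -> List[str]:
    """Names of the rules a request target triggers; empty list if it is clean."""
    text = normalize(target)
    return [name for name, pattern in RULES.items() if pattern.search(text)]


def scan(log_text: str) -> List[Dict[str, object]]:
    """Parse combined-format lines and return one record per suspicious request."""
    hits: List[Dict[str, object]] = []
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in another format instead of crashing on them
        rules = classify(m.group("target"))
        if rules:
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "ua": m.group("ua"),
                "target": normalize(m.group("target")),
                "rules": rules,
            })
    return hits


def attackers(hits: List[Dict[str, object]]) -> Dict[str, int]:
    """Flagged requests per source IP, the basis for a block/alert threshold."""
    counts: Dict[str, int] = {}
    for h in hits:
        ip = str(h["ip"])
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h["ip"], h["ts"], ",".join(h["rules"]), h["target"])
    print(attackers(found))
```

Feed it real logs with `scan(open("access.log").read())`; the benign search line and the normal plugin request produce no hits, while the three injection attempts are flagged with the rules they matched, including the double-encoded one that a raw string match would miss.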
