CVE-2023-2761: 
WordPress vulnerability analysis and mitigation

The User Activity Log WordPress plugin before version 1.6.3 contains a SQL injection vulnerability identified as CVE-2023-2761. The vulnerability exists due to improper sanitization and escaping of the txtsearch parameter in certain admin pages. This security issue affects high-privilege users such as administrators (WPScan Advisory, NVD).

The vulnerability is classified as a SQL injection (SQLI) with a CVSS v3.1 Base Score of 7.2 (HIGH) and vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The issue stems from the improper handling of the txtsearch parameter in admin pages, which can be exploited through SQL injection attacks. The vulnerability is categorized under CWE-89 and OWASP Top 10 A1: Injection (WPScan Advisory, NVD).

When successfully exploited, this vulnerability could allow authenticated administrators to perform SQL injection attacks, potentially leading to unauthorized access to the database, data manipulation, or information disclosure (WPScan Advisory).

Users should upgrade to User Activity Log version 1.6.3 or later, which contains the fix for this vulnerability (WPScan Advisory).