A high-severity SQL injection vulnerability has been identified in the WordPress User Activity Log Plugin version 7.6. The discovery and responsible disclosure of this vulnerability were made by LEE SE HYOUNG (hackintoanetwork). Exploiting this flaw allows attackers to inject malicious SQL code into the plugin’s settings page, granting unauthorized access to the database. To protect your WordPress security and prevent potential data breaches, it is crucial to update to the latest version (1.6.3), which includes a patched fix for this vulnerability.

The SQL injection vulnerability arises from the plugin’s improper handling of user input, enabling attackers to inject harmful SQL code and execute it within the database.


The severity of this vulnerability is classified as high, signifying significant risks to your website’s security. Attackers can directly interact with your database and potentially steal sensitive information.

Affected Versions:

The vulnerability affects versions 7.6 and earlier of the User Activity Log Plugin.


Exploiting this vulnerability provides attackers with unauthorized access to your database, potentially compromising sensitive data such as user passwords, credit card numbers, and personal information. They may also manipulate or delete crucial data in your database, leading to potential data loss or corruption.


To safeguard your website and user data, it is imperative to take immediate action. Upgrade to the latest version of the WordPress User Activity Log Plugin (1.6.3) without delay. This updated version contains the necessary patch to address the SQL injection vulnerability, enhancing your WordPress security and malware removal measures.