
CVE-2023-6030: CWE-89 SQL Injection in Unknown LogDash Activity Log

Medium
Tags: Vulnerability, CVE-2023-6030, CWE-89
Published: Thu May 15 2025 (05/15/2025, 20:09:05 UTC)
Source: CVE
Vendor/Project: Unknown
Product: LogDash Activity Log

Description

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed action (from src/Hooks/Users.php) in order to log failed login attempts to the database, but it doesn't escape the username when it performs some SQL requests, leading to a SQL injection vulnerability which can be exploited using a time-based technique by an unauthenticated attacker.

AI-Powered Analysis

Last updated: 07/04/2025, 16:27:03 UTC

Technical Analysis

CVE-2023-6030 is a medium-severity SQL injection (CWE-89) vulnerability in the LogDash Activity Log WordPress plugin, versions before 1.1.4. The plugin registers a callback on the wp_login_failed action (in src/Hooks/Users.php) so that every failed login is written to the database, but the username handed to that action is placed into the SQL statement without escaping or parameterization. WordPress fires wp_login_failed for any failed authentication attempt, so an unauthenticated attacker can put SQL in the username field of a login request and have it executed by the logging query. The injection point returns nothing to the attacker directly, which is why exploitation is time-based blind: payloads that make the database pause on a condition are confirmed by measuring response time, and database contents, including the password hashes in wp_users, can be extracted one condition at a time. No authentication or user interaction is required. The CVSS 3.1 base score of 5.4 (medium) listed here reflects limited confidentiality and integrity impact and no availability impact, although time-based extraction of credential hashes is a realistic outcome. The plugin is an optional add-on rather than a WordPress core component. The description identifies 1.1.4 as the first fixed release; no patch reference is attached to this record and no in-the-wild exploitation has been reported, so administrators should confirm the installed version directly rather than wait for further signals.
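The flaw class described above, as an added example that is not LogDash code: sqlite3 stands in for WordPress's MySQL database, the table and column names are assumptions, and the vulnerable function mirrors the pattern of concatenating the username into the logging INSERT while the second function shows the parameterized form (the equivalent of $wpdb->prepare() in a plugin). The MySQL-specific time-based payloads are not reproduced here; the point shown is that a crafted username rewrites the statement in one case and is stored as inert data in the other.

```python
"""Added example, not LogDash code: the flaw class behind CVE-2023-6030,
demonstrated with sqlite3 standing in for WordPress's MySQL database.
Table and column names are assumptions."""
import sqlite3
from typing import List

# Constructed attacker-supplied "username": closes the string literal,
# appends a second VALUES row, then comments out the rest of the statement.
INJECTED_USERNAME = "x', '0.0.0.0'), ('injected', '0.0.0.0')-- "


def _fresh_db() -> sqlite3.Connection:
    """In-memory table modelled on a failed-login log (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE failed_logins (id INTEGER PRIMARY KEY, username TEXT, ip TEXT)"
    )
    return conn


def _usernames(conn: sqlite3.Connection) -> List[str]:
    """Usernames stored in the log, in insertion order."""
    return [row[0] for row in conn.execute("SELECT username FROM failed_logins ORDER BY id")]


def log_failed_login_vulnerable(username: str, ip: str) -> List[str]:
    """Vulnerable pattern: the username is spliced into the SQL text, so
    quotes and comment markers in it change the statement's structure.
    Returns the usernames that ended up in the table."""
    conn = _fresh_db()
    sql = f"INSERT INTO failed_logins (username, ip) VALUES ('{username}', '{ip}')"
    conn.execute(sql)  # still a single statement; no stacked queries needed
    return _usernames(conn)


def log_failed_login_prepared(username: str, ip: str) -> List[str]:
    """Fixed pattern (what $wpdb->prepare() does in WordPress): the username
    travels as a bound parameter and is stored verbatim, whatever it contains."""
    conn = _fresh_db()
    conn.execute(
        "INSERT INTO failed_logins (username, ip) VALUES (?, ?)", (username, ip)
    )
    return _usernames(conn)


if __name__ == "__main__":
    print("vulnerable:", log_failed_login_vulnerable(INJECTED_USERNAME, "203.0.113.5"))
    print("prepared:  ", log_failed_login_prepared(INJECTED_USERNAME, "203.0.113.5"))
```

With the concatenated query the attacker's username produces two rows, one of them entirely attacker-chosen; with the bound parameter the same string is a single row whose username column contains the payload text. Any column an attacker can reach this way is equally usable for a conditional delay, which is what the time-based technique in the description relies on.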

Potential Impact

For European organizations using WordPress websites with the LogDash Activity Log plugin, this vulnerability poses a tangible risk of data leakage and unauthorized database access. Attackers could leverage this flaw to extract sensitive user information or internal data, potentially leading to privacy violations under GDPR regulations. The ability to exploit the vulnerability without authentication means that any exposed WordPress site with the vulnerable plugin is at risk from external attackers. This could result in reputational damage, regulatory fines, and operational disruptions if sensitive data is compromised. Additionally, attackers might use the extracted information as a foothold for further attacks, such as privilege escalation or lateral movement within the organization's infrastructure. Given the widespread use of WordPress in Europe for business and governmental websites, the vulnerability could affect a broad range of sectors, including e-commerce, public services, and media.

Mitigation Recommendations

European organizations should audit their WordPress installations for the LogDash Activity Log plugin and check the installed version; anything before 1.1.4 is affected and should be updated to 1.1.4 or later. Where the update cannot be applied immediately, deactivate the plugin, since the vulnerable code runs on every failed login regardless of plugin configuration. Note that wp_login_failed fires for any failed wp_authenticate call, including logins through xmlrpc.php, so a Web Application Firewall (WAF) rule that inspects only the log parameter of wp-login.php does not cover every path: rules should look for SQL metacharacters and delay functions (SLEEP, BENCHMARK) in submitted usernames on all authentication endpoints, and xmlrpc.php can be disabled where it is not needed. Time-based exploitation also leaves a recognizable pattern in access logs, a burst of failed logins from one source with unusually long response times, which is worth alerting on. Keep WordPress core, themes and plugins current, give the database account WordPress uses only the privileges it needs so that a successful injection cannot reach other schemas, and make sure any custom code that logs or stores the username uses $wpdb->prepare() rather than string concatenation.
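The two detections recommended above, as an added example that is not part of this advisory: a payload check on the submitted username (what a WAF rule would do) and a timing check for slow login POSTs per source (what a log-monitoring rule would do). The records are constructed, and the record layout, a per-request entry with the raw POST body and the server-side response time, is an assumption; a reverse proxy or WAF log would supply the equivalent fields. The SLEEP-based username in the sample is a generic illustration of the pattern, not a working payload for this plugin.

```python
"""Added example, not part of the advisory: flag injection-looking usernames
on WordPress authentication endpoints and sources producing bursts of slow
login requests. Record layout and sample traffic are constructed."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs

# Markers a time-based SQLi payload in a username almost always needs:
# a quote to leave the string literal, a comment to discard the tail,
# or a delay/conditional function. A plain login username needs none of these.
SQLI_USERNAME_RE = re.compile(
    r"""
      '                     # string terminator
    | --\s                  # MySQL line comment (needs trailing whitespace)
    | \#                    # MySQL line comment
    | /\*                   # block comment
    | \bsleep\s*\(
    | \bbenchmark\s*\(
    | \bunion\b
    | \bselect\b
    """,
    re.IGNORECASE | re.VERBOSE,
)

# Endpoints whose failed logins reach wp_login_failed.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")


def suspicious_username(username: str) -> bool:
    """True if the submitted username looks like an injection attempt."""
    return SQLI_USERNAME_RE.search(username) is not None


def username_from_request(method: str, path: str, body: str) -> Optional[str]:
    """Pull the username out of a wp-login.php POST ('log' field), else None.
    XML-RPC bodies are XML and are left to the timing check."""
    if method != "POST" or path != "/wp-login.php":
        return None
    return parse_qs(body).get("log", [None])[0]


def flag_requests(records: List[Dict], slow_seconds: float = 3.0,
                  min_slow: int = 3) -> Tuple[List[Dict], List[str]]:
    """Return (payload_hits, slow_sources).

    payload_hits: records whose login username matched SQLI_USERNAME_RE.
    slow_sources: IPs with at least min_slow login POSTs slower than
    slow_seconds, the signature of time-based blind extraction."""
    payload_hits = []
    slow_by_ip = defaultdict(int)
    for r in records:
        user = username_from_request(r["method"], r["path"], r["body"])
        if user is not None and suspicious_username(user):
            payload_hits.append(r)
        if r["method"] == "POST" and r["path"] in LOGIN_PATHS and r["time"] >= slow_seconds:
            slow_by_ip[r["ip"]] += 1
    slow_sources = sorted(ip for ip, n in slow_by_ip.items() if n >= min_slow)
    return payload_hits, slow_sources


# Constructed sample traffic (not real logs). The SLEEP username is a generic
# illustrative pattern, not a payload known to work against this plugin.
SAMPLE_RECORDS = [
    {"ip": "198.51.100.7", "method": "POST", "path": "/wp-login.php",
     "body": "log=alice&pwd=wrong", "time": 0.21},
    {"ip": "203.0.113.9", "method": "POST", "path": "/wp-login.php",
     "body": "log=admin%27+OR+SLEEP%285%29--+&pwd=x", "time": 5.04},
    {"ip": "203.0.113.9", "method": "POST", "path": "/wp-login.php",
     "body": "log=admin%27+OR+SLEEP%285%29--+&pwd=x", "time": 5.02},
    {"ip": "203.0.113.9", "method": "POST", "path": "/xmlrpc.php",
     "body": "<methodCall>...</methodCall>", "time": 5.10},
    {"ip": "198.51.100.7", "method": "GET", "path": "/", "body": "", "time": 0.05},
]

if __name__ == "__main__":
    hits, slow = flag_requests(SAMPLE_RECORDS)
    print("payload hits:", len(hits), "slow sources:", slow)
```

The username check is a heuristic: a quote in a login name is rare but not impossible, so treat a single match as a signal to correlate with the timing rule rather than a verdict on its own. The timing rule is what catches XML-RPC abuse, where the username is inside an XML body the access log does not show.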


Technical Details

Data Version: 5.1
Assigner Short Name: WPScan
Date Reserved: 2023-11-08T12:00:14.030Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aebab8

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 7/4/2025, 4:27:03 PM

Last updated: 7/28/2025, 7:09:29 PM
