This vulnerability in WP Sessions Time Monitoring Full Automatic (<= 1.0.9) arises from improper neutralization of special elements in SQL commands, enabling SQL Injection attacks. The CVSS score of 9.3 indicates a critical severity with network attack vector, low attack complexity, no privileges required, no user interaction, and a scope change. The impact includes high confidentiality loss and low availability impact. No known exploits in the wild have been reported, and no vendor advisory or patch links are provided at this time.

An attacker can exploit this SQL Injection vulnerability remotely without authentication or user interaction to execute arbitrary SQL commands. This can lead to unauthorized disclosure of sensitive data (high confidentiality impact) and potentially disrupt service availability (low impact). The scope of the vulnerability affects resources beyond the initially vulnerable component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or removing the affected plugin version to mitigate risk. Monitor official channels from activity-log.com for updates or patches addressing this vulnerability.