Track Logins <= 1.0 - Admin+ SQL Injection
Description
The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Track Logins (WordPress plugin), no CPE assigned
- Range: <=1.0
Patches
None published as of the advisory's last update [ref_id=1].
Vulnerability mechanics
Root cause
"Missing input sanitization and escaping of a parameter before use in a SQL statement allows SQL injection."
Attack vector
An attacker with Administrator-level access to the WordPress site can exploit the plugin by supplying a crafted value in an unsanitized parameter. The plugin neither sanitizes nor escapes this parameter before incorporating it into a SQL statement [ref_id=1], so a quote character in the value terminates the intended string literal and the remainder of the value is parsed as SQL; the attacker can therefore inject arbitrary SQL, potentially reading or modifying database contents [CWE-89]. Because exploitation requires an authenticated Administrator, the attack surface is limited to already-privileged users. On a single-site install an Administrator can normally install plugins and edit theme files anyway, so the practical impact is greatest where that capability is restricted (multisite installs, where site administrators are not super admins, or sites with DISALLOW_FILE_MODS set) and as a defense-in-depth concern wherever admin credentials may be phished or reused.
Affected code
The advisory does not specify the exact file or function name within the Track Logins plugin where the unsanitized parameter is processed [ref_id=1]. The vulnerable parameter is used directly in a SQL statement without sanitization or escaping.
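Because the advisory does not name the sink, the first step in triage is to find every $wpdb call in the plugin that sends SQL built from a PHP variable without passing through prepare(). The following audit script is an added example, not part of the advisory or the plugin; the PHP lines it scans are constructed for illustration and are assumptions about what such code might look like, not the plugin's real source.

```python
import re
from pathlib import Path

# Constructed PHP stand-in for a plugin file. The advisory does not quote the
# plugin's source, so these lines are assumptions for illustration only.
SAMPLE_PHP = r'''<?php
$rows = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}track_logins WHERE user_login = '" . $_GET['user'] . "'" );
$count = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->prefix}track_logins" );
$ok = $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->prefix}track_logins WHERE id = %d", $id ) );
$sorted = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}track_logins ORDER BY $orderby" );
'''

# $wpdb methods that send SQL text to the server.
WPDB_SINK = re.compile(r'\$wpdb->(?:query|get_results|get_var|get_row|get_col)\s*\(')
# Table-name references such as {$wpdb->prefix} or $wpdb->users are normal
# inside a query string and are removed before looking for other variables.
TABLE_REF = re.compile(r'\{?\$wpdb->\w+\}?')
PREPARED = re.compile(r'\bprepare\s*\(')
VARIABLE = re.compile(r'\$\w+')


def audit_wpdb_calls(php_source):
    """Return (line_number, line) for each $wpdb sink call that is not wrapped
    in prepare() and still has a PHP variable or superglobal in its arguments.
    Heuristic: it lists candidates for manual review (and misses statements
    split across lines); it does not prove a line is injectable."""
    findings = []
    for number, line in enumerate(php_source.splitlines(), 1):
        sink = WPDB_SINK.search(line)
        if sink is None or PREPARED.search(line):
            continue
        arguments = TABLE_REF.sub('', line[sink.end():])
        if VARIABLE.search(arguments):
            findings.append((number, line.strip()))
    return findings


def audit_plugin_dir(path):
    """Run the audit over every .php file under a plugin directory (for
    example wp-content/plugins/track-logins) and return {relative_path:
    findings} for the files with at least one hit."""
    root = Path(path)
    report = {}
    for php_file in sorted(root.rglob('*.php')):
        hits = audit_wpdb_calls(php_file.read_text(errors='replace'))
        if hits:
            report[str(php_file.relative_to(root))] = hits
    return report


if __name__ == "__main__":
    for number, line in audit_wpdb_calls(SAMPLE_PHP):
        print(f"line {number}: {line}")
```

On the constructed sample the script reports the get_results call that concatenates $_GET['user'] and the one that interpolates $orderby, and stays silent on the constant query and the prepare()-wrapped DELETE. Every hit still needs a manual read: an ORDER BY column cannot be bound as a value, so the correct fix there is an allowlist of column names rather than a %s placeholder.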
What the fix does
No patch or fix has been published for this vulnerability as of the advisory's last update [ref_id=1]. The standard remediation in WordPress is to pass every attacker-influenced value to $wpdb->prepare() with %s or %d placeholders rather than escaping and interpolating it, and, for parts of a statement that cannot be bound as values (a column name in ORDER BY, for example), to validate the input against a fixed allowlist. Since the plugin is marked as having no known fix, site owners should deactivate or replace the plugin until a security update is released.
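The injection the advisory describes and the bound-parameter fix, side by side. This is an added example that is not the plugin's code and not from the advisory; it uses an in-memory SQLite database, and the table and column names (wp_track_logins, user_login, ip) are assumptions standing in for whatever the plugin actually queries. The hardened function is the Python counterpart of what $wpdb->prepare() does in WordPress.

```python
import sqlite3

# Constructed, in-memory stand-in for the WordPress database. Table and column
# names are assumptions for illustration, not the plugin's real schema.
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_pass TEXT);
        CREATE TABLE wp_track_logins (id INTEGER, user_login TEXT, ip TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', '$P$BplaceholderHashValue');
        INSERT INTO wp_track_logins VALUES (1, 'admin', '203.0.113.5');
        INSERT INTO wp_track_logins VALUES (2, 'editor', '198.51.100.7');
    """)
    return db


def logins_vulnerable(db, user_login):
    """The advisory's root cause in miniature: the parameter is interpolated
    into the statement with no sanitization or escaping, so a quote in the
    value closes the literal and the rest of the value is parsed as SQL."""
    sql = ("SELECT user_login, ip FROM wp_track_logins "
           "WHERE user_login = '%s'" % user_login)
    return db.execute(sql).fetchall()


def logins_hardened(db, user_login):
    """Bound parameter: the value travels separately from the SQL text, so
    quotes and keywords inside it are data, never syntax. The WordPress
    equivalent is $wpdb->prepare("... WHERE user_login = %s", $user_login)."""
    sql = "SELECT user_login, ip FROM wp_track_logins WHERE user_login = ?"
    return db.execute(sql, (user_login,)).fetchall()


# Constructed payload: closes the string literal, appends a UNION that reads
# password hashes out of the users table, and comments out the trailing quote.
PAYLOAD = "x' UNION SELECT user_login, user_pass FROM wp_users -- "

if __name__ == "__main__":
    db = build_db()
    print("vulnerable, benign input:", logins_vulnerable(db, "admin"))
    print("vulnerable, payload:     ", logins_vulnerable(db, PAYLOAD))
    print("hardened, payload:       ", logins_hardened(db, PAYLOAD))
```

With the payload, the vulnerable query returns the admin's password hash instead of a login record; the hardened query looks for a user literally named "x' UNION SELECT ..." and returns nothing. Both behave identically on a benign login name, which is why the bug is invisible to ordinary functional testing.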
Preconditions
- Attacker must be authenticated as an Administrator-level user on the WordPress site.
- The vulnerable parameter must accept and process attacker-controlled input without sanitization.
Reproduction
The advisory does not include a step-by-step proof of concept, only a general description of the vulnerability [ref_id=1]. No reproduction steps are available from the provided bundle.
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. wpscan.com/vulnerability/408e6cad-f02d-455a-9943-32da77537da1/ (mitre tags: exploit, vdb-entry, technical-description)
News mentions
No linked articles in our index yet.