This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 04:22
Type | Values Removed | Values Added |
---|---|---|
CWE |
26 Sep 2023, 14:44
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Activity Log Project
Activity Log Project activity Log |
|
CPE | cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:* |
25 Sep 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-25 16:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4281
Mitre link : CVE-2023-4281
CVE.ORG link : CVE-2023-4281
JSON object : View
Products Affected
activity_log_project
- activity_log
CWE
No CWE.