CVE-2023-4281

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:*

History

07 Nov 2023, 04:22

Type Values Removed Values Added
CWE CWE-290

26 Sep 2023, 14:44

Type Values Removed Values Added
References (MISC) https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 - (MISC) https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
First Time Activity Log Project
Activity Log Project activity Log
CPE cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:*

25 Sep 2023, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-25 16:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4281

Mitre link : CVE-2023-4281

CVE.ORG link : CVE-2023-4281


JSON object : View

Products Affected

activity_log_project

  • activity_log
CWE

No CWE.