This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 - Exploit, Third Party Advisory |
07 Nov 2023, 04:22
Type | Values Removed | Values Added |
---|---|---|
CWE |
26 Sep 2023, 14:44
Type | Values Removed | Values Added |
---|---|---|
First Time |
Activity Log Project
Activity Log Project activity Log |
|
CPE | cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 - Exploit, Third Party Advisory |
25 Sep 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-25 16:15
Updated : 2024-11-21 08:34
NVD link : CVE-2023-4281
Mitre link : CVE-2023-4281
CVE.ORG link : CVE-2023-4281
JSON object : View
Products Affected
activity_log_project
- activity_log
CWE
No CWE.