CVE-2023-4281

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
Configurations

Configuration 1 (hide)

cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:34

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 - Exploit, Third Party Advisory

07 Nov 2023, 04:22

Type Values Removed Values Added
CWE CWE-290

26 Sep 2023, 14:44

Type Values Removed Values Added
First Time Activity Log Project
Activity Log Project activity Log
CPE cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
References (MISC) https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 - (MISC) https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 - Exploit, Third Party Advisory

25 Sep 2023, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-25 16:15

Updated : 2024-11-21 08:34


NVD link : CVE-2023-4281

Mitre link : CVE-2023-4281

CVE.ORG link : CVE-2023-4281


JSON object : View

Products Affected

activity_log_project

  • activity_log
CWE

No CWE.