This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-09-04T11:27:04.063Z
Updated: 2024-08-02T07:24:04.693Z
Reserved: 2023-08-09T19:01:48.198Z
Link: CVE-2023-4279
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-04T12:15:10.547
Modified: 2024-11-21T08:34:46.740
Link: CVE-2023-4279
Redhat
No data.