This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-10-16T19:39:17.507Z
Updated: 2024-08-02T07:44:53.851Z
Reserved: 2023-09-22T18:59:24.803Z
Link: CVE-2023-5133
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-10-16T20:15:17.823
Modified: 2024-11-21T08:41:07.690
Link: CVE-2023-5133
Redhat
No data.