This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/36c30e54-75e4-4df1-b01a-60c51c0e76a3 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/36c30e54-75e4-4df1-b01a-60c51c0e76a3 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-16 20:15
Updated : 2024-11-21 08:41
NVD link : CVE-2023-5133
Mitre link : CVE-2023-5133
CVE.ORG link : CVE-2023-5133
JSON object : View
Products Affected
solwininfotech
- user_activity_log
CWE
No CWE.