Lucene search
HistoryFeb 27, 2023 - 4:15 p.m.
CVE-2022-4550
cve-2022-4550
user activity plugin
wordpress
ip spoofing
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
29.5%
The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing
Affected configurations
Node
user_activity_projectuser_activityRange≤1.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| user_activity_project | user_activity | * | cpe:2.3:a:user_activity_project:user_activity:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "User Activity",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.0.1"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2022-4550
2023-02-27 16:15:11
wpexploit
wpexploit
User Activity <= 1.0.1 - IP Spoofing
2023-02-03 00:00:00
prion
prion
Design/Logic Flaw
2023-02-27 16:15:00
wpvulndb
wpvulndb
User Activity <= 1.0.1 - IP Spoofing
2023-02-03 00:00:00
cvelist
cvelist
CVE-2022-4550 User Activity <= 1.0.1 - IP Spoofing
2023-02-27 15:24:36
wordfence
wordfence
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
29.5%
Related for CVE-2022-4550