CVE-2023-4281

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

CVE-2023-4281

Summary: CVE-2023-4281 affects the WordPress Activity Log plugin (before 2.8.8). The underlying issue is that the plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate the IP value and potentially hide the source of malicious traffic. Affected...

CVE-2023-4281 Activity Log < 2.8.8 - IP Spoofing

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

CVE-2023-4281 Activity Log < 2.8.8 - IP Spoofing

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

CVE-2023-4281

creationtimestamp| type| source ---|---|--- 2023-09-24 12:27:29+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5198 2023-09-24 13:31:46+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5199...

WordPress Activity Log Plugin < 2.8.8 is vulnerable to Bypass Vulnerability

Software Activity Log Type Plugin Vulnerable versions 2.8.8 Fixed in 2.8.8 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-4281 Patch priority Low CVSS severity Low 5.3 Developer Elementor PSID 7011dff59d10 Credits Bartlomiej Marek and Tomasz Swiadek...