3 matches found
WordPress User Activity Tracking and Log plugin < 4.1.4 - IP Spoofing vulnerability
IP Spoofing vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin User Activity Tracking and Log versions 4.1.4...
CVE-2024-0970 User Activity Tracking and Log < 4.1.4 - IP Spoofing
This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value...
CVE-2024-0970
CVE-2024-0970 concerns the WordPress plugin User Activity Tracking and Log (pre-4.1.4). The vulnerability stems from retrieving client IP addresses from untrusted headers, enabling an attacker to spoof/manipulate the logged IP address in activity logs. Public sources in the connected data confirm...