3 matches found
CVE-2023-4281
Summary: CVE-2023-4281 affects the WordPress Activity Log plugin (before 2.8.8). The underlying issue is that the plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate the IP value and potentially hide the source of malicious traffic. Affected...
CVE-2022-27858
CVE-2022-27858 refers to a CSV injection vulnerability in the WordPress plugin Activity Log (Team Activity Log) versions ≤ 2.8.3. The weakness stems from the plugin not validating data before exporting to CSV, enabling injection in CSV fields. Impact is described as CSV injection; remediation is ...
CVE-2022-3941
The CVE-2022-3941 entry describes a vulnerability in the Activity Log Plugin’s HTTP Header Handler, where manipulating the X-Forwarded-For argument causes improper output neutralization in logs. Affected component: HTTP Header Handler within the WordPress Activity Log Plugin. Impact as stated: re...