2 matches found
CVE-2023-4281
Summary: CVE-2023-4281 affects the WordPress Activity Log plugin (before 2.8.8). The underlying issue is that the plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate the IP value and potentially hide the source of malicious traffic. Affected...
CVE-2022-27858
CVE-2022-27858 refers to a CSV injection vulnerability in the WordPress plugin Activity Log (Team Activity Log) versions ≤ 2.8.3. The weakness stems from the plugin not validating data before exporting to CSV, enabling injection in CSV fields. Impact is described as CSV injection; remediation is ...