The plugin checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing
1. Send login request with x-forwarded-for: [REDACTED_IP] 2. Show spoofed IP address in the dashboard (OWASP A09:2021 – Security Logging and Monitoring Failures)
CPE | Name | Operator | Version |
---|---|---|---|
user-activity | eq | * |