Source: wpvulndb (WPScan)
Author: Erwan LR (WPScan)
WPVDB-ID: BB7C2D2B-CDFE-433B-96CF-714E71D12B22
Published: Mar 27, 2024

coreActivity < 2.1 - Unauthenticated IP Spoofing

Reference: wpscan.com
Tags: plugin, ip addresses, headers, spoofing, curl, logs, software

AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 8.7%)

Description: The plugin retrieved the IP address of each request from client-supplied headers such as X-FORWARDED in order to log it, allowing any user to spoof the logged address by supplying an arbitrary value in that header.

PoC

As unauthenticated: curl 'https://example.com/attacker' -H 'X-FORWARDED: 127.0.0.1'
Then view the logs and note that the plugin displays the IP of the request as 127.0.0.1.
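The root cause described above is that a forwarding header is taken at face value even when the request did not pass through a proxy. The following added example (written for this page in Python, not the coreActivity plugin's own PHP code) puts the vulnerable pattern next to a hardened one: forwarding headers are only honoured when the TCP peer is in an explicitly configured list of trusted proxies, and the forwarded chain is walked from the right, past trusted hops only. The header names, the trusted-proxy list and the sample addresses are constructed for the example.

```python
"""Added example: naive vs trusted-proxy client IP resolution for request logs.

Not the plugin's code; written to illustrate the advisory's root cause and a
mitigation. Header names, proxy ranges and addresses below are constructed.
"""
import ipaddress
from typing import Mapping, Optional, Sequence

# Headers a reverse proxy may set. A client connecting directly can send any
# of them, so their presence alone proves nothing about who sent the request.
FORWARDING_HEADERS = ("X-FORWARDED", "X-FORWARDED-FOR", "X-REAL-IP", "CLIENT-IP")


def _valid_ip(value: str) -> Optional[str]:
    """Return the normalised IP literal, or None if value is not an IP."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def naive_client_ip(remote_addr: str, headers: Mapping[str, str]) -> str:
    """Vulnerable pattern from the advisory: whatever the headers say wins.

    The logged address is attacker-controlled on any direct request.
    """
    upper = {k.upper(): v for k, v in headers.items()}
    for name in FORWARDING_HEADERS:
        if name in upper:
            # First entry of a comma-separated list, taken without validation.
            return upper[name].split(",")[0].strip()
    return remote_addr


def trusted_client_ip(remote_addr: str, headers: Mapping[str, str],
                      trusted_proxies: Sequence[str]) -> str:
    """Hardened resolution.

    X-Forwarded-For is only consulted when the TCP peer (remote_addr) is a
    known proxy; the chain is then read right-to-left, skipping trusted hops,
    and the first untrusted address is reported as the client.
    """
    peer = _valid_ip(remote_addr)
    if peer is None:
        # Unparseable peer: log it as-is rather than trusting any header.
        return remote_addr
    nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(ip: str) -> bool:
        return any(ipaddress.ip_address(ip) in n for n in nets)

    if not is_trusted(peer):
        # Direct connection: forwarding headers are client-supplied. Ignore them.
        return peer

    upper = {k.upper(): v for k, v in headers.items()}
    chain = [x.strip() for x in upper.get("X-FORWARDED-FOR", "").split(",") if x.strip()]
    for hop in reversed(chain):
        ip = _valid_ip(hop)
        if ip is None:
            break  # malformed entry: stop walking rather than trust it
        if not is_trusted(ip):
            return ip
    # Empty or entirely-trusted chain: fall back to the proxy's own address.
    return peer


if __name__ == "__main__":
    # Constructed request: direct connection from 203.0.113.50 carrying a
    # spoofed forwarding header, as in the advisory's PoC.
    spoofed = {"X-FORWARDED": "127.0.0.1"}
    print("naive  :", naive_client_ip("203.0.113.50", spoofed))
    print("trusted:", trusted_client_ip("203.0.113.50", spoofed, ["10.0.0.0/8"]))
```

The hardened function also rejects a second, subtler variant: when the request does come through a trusted proxy, a client can still prepend a fake address to X-Forwarded-For, so reading the leftmost entry would again log an attacker-chosen value. Walking from the right past known proxies means the reported address is always one a trusted hop actually saw as its peer.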

CPE
Name | Operator | Version
(not listed) | eq | 2.1

