CVE-2023-4281

Published: Sep 25, 2023Modified: Apr 23, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

Affected (1)

Products: Activity Log Project: Activity Log

Activity Log Project

1 product

Activity Log

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Activity Log Project Activity Log	Before 2.8.8

References (2)

https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.