Activity Log

activity_log

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-4281 1Activity Log Project 1Activity Log Apr 23, 2025 Sep 25, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
CVE-2022-3941 1Activity Log Project 1Activity Log Nov 21, 2024 Nov 11, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to im...Show more A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448.Show less
CVE-2022-27858 1Activity Log Project 1Activity Log Nov 21, 2024 Nov 8, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.