CVE-2023-4279Authentication Bypass by Spoofing in User Activity LOG

CWE-290Authentication Bypass by Spoofing3 documents3 sources
Severity
7.5HIGHNVD
EPSS
2.1%
top 15.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Solwininfotech User Activity LOG
Timeline
PublishedSep 4

Description

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
User Activity Log < 1.6.7 - IP Spoofing2023-09-04
GHSA
GHSA-2wgw-w89g-m892: This User Activity Log WordPress plugin before 12023-09-04
CVE-2023-4279 — Authentication Bypass by Spoofing | cvebase