CVE-2023-5133Authentication Bypass by Spoofing in User Activity LOG

CWE-290Authentication Bypass by Spoofing3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 70.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Solwininfotech User Activity LOG
Timeline
PublishedOct 16

Description

This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
User Activity Log Pro < 2.3.4 - IP Spoofing2023-10-16
GHSA
GHSA-jqxm-w4mh-hq99: This user-activity-log-pro WordPress plugin before 22023-10-16
CVE-2023-5133 — Authentication Bypass by Spoofing | cvebase