WordPress Plugin Vulnerabilities
User Activity <= 1.0.1 - IP Spoofing
Description
The plugin reads client-supplied headers such as X-Forwarded-For to determine the IP address of a request, which could lead to IP spoofing.
Proof of Concept
1. Send a login request with x-forwarded-for: [REDACTED_IP]
2. The spoofed IP address is shown in the dashboard (OWASP A09:2021 – Security Logging and Monitoring Failures)
Affects Plugins
References
CVE
Miscellaneous
Original Researcher
rezaduty
Submitter
rezaduty
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-02-03
Added
2023-02-03
Last Updated
2023-02-03