CVE-2023-5133
User Activity Log Pro < 2.3.4 - IP Spoofing
Public Exploits: 1
Exploited in Wild: -
Descriptions
The user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value. This may be used to hide the source of malicious traffic.
The User Activity Log Pro plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.3 due to insufficient IP address validation. This makes it possible for attackers to perform actions that are attributed to IP values that they control, rather than to the correct IP.
SSVC
- Decision: -
Timeline
- 2023-09-22 CVE Reserved
- 2023-09-25 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
References (1)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/36c30e54-75e4-4df1-b01a-60c51c0e76a3 | 2024-08-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Solwininfotech | User Activity Log | < 2.3.4 | pro, wordpress | Affected |