CVE Published: 17/04/2024 |
CVE Updated: 09/08/2024 |
CVE Year: 2024 Source: WPScan |
Vendor: Unknown |
Product: coreActivity: Activity Logging plugin for WordPress Status : PUBLISHED
CVE-2024-0868 Description
The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value