CVE-2023-4279

Published: 04/09/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The User Activity Log WordPress plugin prior to 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing a malicious user to manipulate the value. This may be used to hide the source of malicious traffic.

Vulnerable Product

solwininfotech user activity log

Github Repositories

Repository for CVE-2023-4279 vulnerability.

CVE ID: CVE-2023-4279
Vulnerability Type: IP Address Spoofing
Description: This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
Steps to reproduce:
1. In User Activity Log > Settings, enable the setting "Allow Ip Address of users to log"

CVE-2023-4278
Exploit Title: Wordpress Plugin Masterstudy LMS <= 3017 - Unauthenticated Instructor Account Creation
Google Dork: inurl:/user-public-account
Vendor Homepage: wordpress.org/plugins/masterstudy-lms-learning-management-system/
Software Link: stylemixthemes.com
Version: <= 3017
CVE: CVE-2023-4278