CVE-2024-0868

Summary

The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value

Affected Software

VendorProductVersion RangeStatus
UnknowncoreActivity: Activity Logging plugin for WordPress0 < 2.1affected

Weaknesses

  • CWE-290 Authentication Bypass by Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References