The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/bb7c2d2b-cdfe-433b-96cf-714e71d12b22/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/bb7c2d2b-cdfe-433b-96cf-714e71d12b22/ | Exploit Third Party Advisory |
Configurations
History
17 Jun 2025, 18:52
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/bb7c2d2b-cdfe-433b-96cf-714e71d12b22/ - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:a:dev4press:coreactivity:*:*:*:*:*:wordpress:*:* | |
| CWE | NVD-CWE-noinfo | |
| First Time |
Dev4press coreactivity
Dev4press |
21 Nov 2024, 08:47
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/bb7c2d2b-cdfe-433b-96cf-714e71d12b22/ - |
09 Aug 2024, 20:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
17 Apr 2024, 12:48
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
17 Apr 2024, 05:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-17 05:15
Updated : 2025-06-17 18:52
NVD link : CVE-2024-0868
Mitre link : CVE-2024-0868
CVE.ORG link : CVE-2024-0868
JSON object : View
Products Affected
dev4press
- coreactivity
CWE