CVE-2022-4550

User Activity <= 1.0.1 - IP Spoofing

CVSS 7.5 HIGHEPSS 0.7%

The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Unknown · User Activity

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/a1179959-2044-479f-a5ca-3c9ffc46d00e