CVE-2023-5133

Name of the Vulnerable Software and Affected Versions user-activity-log-pro WordPress plugin versions prior to 2.3.4

Description The issue allows an attacker to manipulate the client IP address value by exploiting the plugin's retrieval of IP addresses from potentially untrusted headers. This can be used to hide the source of malicious traffic.

Recommendations For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality that retrieves client IP addresses until a patch is applied.