CVE-2023-4279

Name of the Vulnerable Software and Affected Versions User Activity Log WordPress plugin versions prior to 1.6.7

Description The issue allows an attacker to manipulate the client IP address value retrieved by the plugin, potentially hiding the source of malicious traffic. This is due to the plugin retrieving client IP addresses from potentially untrusted headers.

Recommendations For versions prior to 1.6.7, update to version 1.6.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality that retrieves client IP addresses until a patch is applied.