CVE-2024-0868

Name of the Vulnerable Software and Affected Versions coreActivity: Activity Logging plugin for WordPress versions prior to 2.1

Description The issue allows users to spoof IP addresses by providing an arbitrary value via headers such as X-FORWARDED, which are used to log IP addresses of requests.

Recommendations For versions prior to 2.1, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the logging functionality to minimize the risk of IP address spoofing.