The Activity Log plugin for WordPress versions up to and including 2.8.7 is vulnerable to IP Address Spoofing. This means that an unauthenticated attacker can provide a false IP address instead of the users true IP address which will be logged. This is because the plugin has insufficient restrictions on where the IP Address information is retrieved from.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
