CVE-2023-4279

HIGH

User Activity Log <1.6.7 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4279. PoCs published by b0marek.

AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2023-4279, demonstrating IP address spoofing in the User Activity Log WordPress plugin by manipulating the 'Client-Ip' header in HTTP requests.

Description

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

Exploits (1)

nomisec WORKING POC

by b0marek · poc

https://github.com/b0marek/CVE-2023-4279

View Code ZIP pw:eip

This repository provides a functional proof-of-concept for CVE-2023-4279, demonstrating IP address spoofing in the User Activity Log WordPress plugin by manipulating the 'Client-Ip' header in HTTP requests.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: User Activity Log WordPress plugin (version <= 1.66)

No auth needed

Prerequisites: User Activity Log plugin installed and configured to log IP addresses

MITRE ATT&CK

T1036 - Masquerading

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/2bd2579e-b383-4d12-b207-6fc32cfb82bc

Scores

CVSS v3 7.5

EPSS 0.0085

EPSS Percentile 53.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

Status published

Products (1)

solwininfotech/user_activity_log < 1.6.7

Published Sep 04, 2023

Tracked Since Feb 18, 2026