CVE-2024-0970 Information

Description

This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers allowing an attacker to manipulate its value.

Reference

https://wpscan.com/vulnerability/7df6877c-6640-41be-aacb-20c7da61e4db/