[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5N9iAcSeowMpJRJghnIezSM9vEafowHAk9ac2iA5BNk":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":9,"severity":11,"cvss_score":12,"cvss_vector":13,"vuln_type":14,"published_date":15,"updated_date":16,"references":17,"days_to_patch":9},"CVE-2022-4550","user-activity-ip-address-spoofing","User Activity \u003C= 1.0.1 - IP Address Spoofing","The User Activity plugin for WordPress is vulnerable to IP Address Spoofing in versions up to and including 1.0.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging. Attackers can supplied the X-Forwarded-For header with with a different IP Address that will be logged.","user-activity",null,"\u003C=1.0.1","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Use of Less Trusted Source","2023-02-03 00:00:00","2024-01-22 19:56:02",[18],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5a38a72a-7336-4aa5-8491-6879dfa4d0ea?source=api-prod"]