CVE-2024-0970

5.3 MEDIUM

📋 TL;DR

The User Activity Tracking and Log WordPress plugin before version 4.1.4 reads the client IP address from HTTP request headers (such as X-Forwarded-For or Client-IP) that any client can set, instead of from the TCP connection's source address. An attacker can therefore choose the IP address that the plugin records in its activity log, defeating any IP-based restriction that relies on that value and corrupting the audit trail. Every WordPress site running a vulnerable version of the plugin is affected.

💻 Affected Systems

Products:
  • User Activity Tracking and Log WordPress plugin
Versions: All versions before 4.1.4
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations using the vulnerable plugin versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could spoof IP addresses to bypass IP-based access controls, hide their true origin in logs, or frame legitimate IP addresses for malicious activities.

🟠

Likely Case

An attacker adds a forwarding header to each request so the plugin records an address of their choosing, evading IP-based investigation and any simple allow/deny rule that keys on the plugin's logged address.

🟢

If Mitigated

If the web server discards forwarding headers from untrusted clients and the plugin's log is cross-checked against the web server's own access log, the worst an attacker achieves is an inconsistent entry in the plugin's log, with no security bypass.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation needs nothing more than an ordinary HTTP request carrying an attacker-chosen X-Forwarded-For or Client-IP header; no account or prior access is required.
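To make the exploit and the fix concrete, the following Python is an added illustration written for this page, not the plugin's code: vulnerable_client_ip() reproduces the header-first pattern the advisory describes (whatever the client sends in Client-IP or X-Forwarded-For is taken as the client address), and hardened_client_ip() shows the trusted-proxy-aware resolution that defeats it. The trusted proxy address 192.0.2.10 and the sample request environments are constructed for the example.

```python
import ipaddress

# Constructed for this example: the reverse proxies / load balancers allowed to
# set forwarding headers. Anything else talking to the web server is a client.
TRUSTED_PROXIES = {"192.0.2.10"}

# Header order the insecure pattern consults before the TCP peer address.
FORWARDING_HEADERS = ("HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "HTTP_X_REAL_IP")


def vulnerable_client_ip(env):
    """The insecure pattern: prefer any forwarding header over the TCP peer.

    Models the class of bug in the advisory (not the plugin's actual code):
    the first header present wins, so the client picks the logged address.
    """
    for header in FORWARDING_HEADERS:
        value = env.get(header)
        if value:
            return value.split(",")[0].strip()
    return env.get("REMOTE_ADDR", "")


def _parse_ip(text):
    """Return an ip_address object or None if the text is not a valid address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def hardened_client_ip(env, trusted_proxies=TRUSTED_PROXIES):
    """Trusted-proxy-aware resolution.

    1. REMOTE_ADDR (the TCP peer) is the only value the client cannot forge.
    2. Forwarding headers are consulted only when the peer is a known proxy.
    3. X-Forwarded-For is walked from the right: hops that are trusted proxies
       are skipped and the first remaining valid address is the client. Values
       the attacker prepended sit further left and are never reached.
    """
    peer = env.get("REMOTE_ADDR", "")
    if peer not in trusted_proxies:
        return peer  # direct client: ignore every forwarding header
    hops = [h.strip() for h in env.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    for hop in reversed(hops):
        if hop in trusted_proxies:
            continue
        addr = _parse_ip(hop)
        if addr is None:
            break  # malformed entry: stop walking and fall back to the peer
        return str(addr)
    return peer


if __name__ == "__main__":
    # Constructed requests: a direct client claiming to be localhost, and a
    # client behind the trusted proxy that prepended a fake hop to X-Forwarded-For.
    direct_spoof = {"REMOTE_ADDR": "198.51.100.7", "HTTP_CLIENT_IP": "127.0.0.1"}
    via_proxy = {"REMOTE_ADDR": "192.0.2.10",
                 "HTTP_X_FORWARDED_FOR": "127.0.0.1, 203.0.113.5"}
    for name, env in (("direct", direct_spoof), ("via proxy", via_proxy)):
        print(name, "vulnerable:", vulnerable_client_ip(env),
              "hardened:", hardened_client_ip(env))
```

In the direct case the vulnerable resolver logs 127.0.0.1, which is exactly what an IP allowlist keyed on localhost would accept, while the hardened one logs the real peer 198.51.100.7. Behind the proxy the attacker's prepended 127.0.0.1 is ignored because the proxy appended the genuine client address to the right of it. The same right-to-left rule is what nginx's real_ip_recursive and Apache's RemoteIPTrustedProxy implement at the web server layer.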

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.4

Vendor Advisory: https://wpscan.com/vulnerability/7df6877c-6640-41be-aacb-20c7da61e4db/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'User Activity Tracking and Log'.
4. Click 'Update Now' if available.
5. Alternatively, download version 4.1.4 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily disable the plugin until patched

wp plugin deactivate user-activity-tracking-and-log

Web server IP validation

linux

Configure the web server to accept X-Forwarded-For (and similar headers) only from known reverse proxies and to discard them on requests from anyone else, e.g. with nginx's real_ip module (set_real_ip_from, real_ip_header, real_ip_recursive) or Apache's mod_remoteip (RemoteIPHeader, RemoteIPTrustedProxy). If no proxy sits in front of WordPress, drop the forwarding headers entirely so the plugin only ever sees the connection's source address.

🧯 If You Can't Patch

  • Add a WAF or reverse proxy rule that strips or rejects X-Forwarded-For, Client-IP and similar headers unless the request comes from a trusted proxy
  • Keep the web server's own access log, which records the real TCP source address, and treat the plugin's logged IP as untrusted when the two disagree

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Installed Plugins for 'User Activity Tracking and Log' version

Check Version:

wp plugin get user-activity-tracking-and-log --field=version

Verify Fix Applied:

Verify plugin version is 4.1.4 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Multiple activity log entries for the same user whose logged IP address changes within seconds
  • Logged IP addresses that disagree with the source address in the web server access log for the same request, or loopback/private addresses logged on an internet-facing site

Network Indicators:

  • HTTP requests carrying X-Forwarded-For, Client-IP or similar headers that arrive directly from clients rather than from a trusted proxy

SIEM Query:

source="wordpress_logs" plugin="user-activity-tracking-and-log"
| bin _time span=5m
| stats dc(ip) AS distinct_ips values(ip) AS ips BY user _time
| where distinct_ips > 3

The field names (plugin, user, ip) are placeholders and must be mapped to whatever your log ingestion actually extracts from the plugin's activity log; the threshold of more than three distinct addresses per user in five minutes is a starting point to tune.
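As an added, self-contained Python example written for this page (not from the plugin or its author) of the two log indicators above: it parses a small constructed log in which each event carries the plugin's logged IP alongside the web server's TCP source address, flags entries where the two disagree even though the peer is not a trusted proxy, and flags users whose logged address churns within a short window. The log format, field names, trusted proxy address 192.0.2.10 and the sample lines are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed for this example: proxies that may legitimately forward a
# different client address than their own.
TRUSTED_PROXIES = {"192.0.2.10"}

# Constructed sample log: plugin activity entries joined with the web server
# access log on the same request. The format is an assumption for this example,
# not the plugin's real log layout. mallory sends a different spoofed header on
# every request; bob is a normal client behind the trusted proxy.
SAMPLE_LOG = """\
2024-02-01T10:00:00 user=alice logged_ip=203.0.113.5 remote_addr=203.0.113.5
2024-02-01T10:00:20 user=alice logged_ip=203.0.113.5 remote_addr=203.0.113.5
2024-02-01T10:01:00 user=mallory logged_ip=127.0.0.1 remote_addr=198.51.100.7
2024-02-01T10:01:10 user=mallory logged_ip=10.0.0.8 remote_addr=198.51.100.7
2024-02-01T10:01:25 user=mallory logged_ip=203.0.113.77 remote_addr=198.51.100.7
2024-02-01T10:01:40 user=mallory logged_ip=8.8.8.8 remote_addr=198.51.100.7
2024-02-01T10:02:00 user=bob logged_ip=203.0.113.9 remote_addr=192.0.2.10
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict with a datetime."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["time"] = datetime.fromisoformat(ts)
    return rec


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def spoofed_entries(records, trusted_proxies=TRUSTED_PROXIES):
    """Entries whose logged IP disagrees with the TCP peer although the peer is
    not a proxy that could legitimately have forwarded a different address."""
    return [r for r in records
            if r["remote_addr"] not in trusted_proxies
            and r["logged_ip"] != r["remote_addr"]]


def churning_users(records, window=timedelta(minutes=5), max_ips=3):
    """Map user -> distinct logged IPs seen, for users exceeding max_ips
    distinct addresses inside any sliding window of the given length."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append(r)
    flagged = {}
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["time"])
        for i, start in enumerate(recs):
            ips = {r["logged_ip"] for r in recs[i:]
                   if r["time"] - start["time"] <= window}
            if len(ips) > max_ips:
                flagged[user] = len(ips)
                break
    return flagged


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for r in spoofed_entries(records):
        print("spoof suspect:", r["time"].isoformat(), r["user"],
              "logged", r["logged_ip"], "peer", r["remote_addr"])
    print("churning users:", churning_users(records))
```

The peer/logged comparison is the stronger signal when both logs are available, because a mismatch on a request that did not come through a proxy has no legitimate explanation; bob's entry is not flagged even though his logged address differs from the peer, since the peer is the trusted proxy. The churn check is the fallback when only the plugin's own log exists and corresponds to the SIEM query above.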
