Lucene search
HistoryAug 01, 2022 - 1:15 p.m.
CVE-2022-1600
yop poll
wordpress
plugin
cve-2022-1600
security
vulnerability
ip
limitations
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
33.2%
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.
Affected configurations
Node
yop-pollyop_pollRange<6.4.3
CNA Affected
[
{
"product": "YOP Poll",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.4.3",
"status": "affected",
"version": "6.4.3",
"versionType": "custom"
}
]
}
]Social References
More
Related
patchstack
patchstack
WordPress YOP Poll plugin <= 6.4.2 - IP Spoofing vulnerability
2022-07-11 00:00:00
cvelist
cvelist
CVE-2022-1600 YOP Poll < 6.4.3 - IP Spoofing
2022-08-01 12:48:14
prion
prion
Design/Logic Flaw
2022-08-01 13:15:00
nvd
nvd
CVE-2022-1600
2022-08-01 13:15:09
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
33.2%
Related for CVE-2022-1600