Lucene search
HistorySep 26, 2022 - 1:15 p.m.
CVE-2022-1613
cve-2022-1613
restricted site access
wordpress plugin
ip-based limitations
security vulnerability
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
33.1%
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.
Affected configurations
Node
10uprestricted_site_accessRange<7.3.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| 10up | restricted_site_access | * | cpe:2.3:a:10up:restricted_site_access:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Restricted Site Access",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "7.3.2",
"versionType": "custom"
}
]
}
]Social References
More
Related
prion
prion
Cross site scripting
2022-09-26 13:15:00
wpvulndb
wpvulndb
Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing
2022-08-31 00:00:00
patchstack
patchstack
cvelist
cvelist
CVE-2022-1613 Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing
2022-09-26 12:35:30
nvd
nvd
CVE-2022-1613
2022-09-26 13:15:10
wpexploit
wpexploit
Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing
2022-08-31 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
33.1%
Related for CVE-2022-1613