Lucene search
WPScanCVE-2022-2913HistorySep 16, 2022 - 9:15 a.m.
CVE-2022-2913
2022-09-1609:15:11
CWE-639
WPScan
web.nvd.nist.gov
38
7
cve-2022-2913
nvd
login no captcha
recaptcha
wordpress
plugin
ip address spoofing
captcha bypass
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
33.1%
The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn’t check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.
Affected configurations
Node
login_no_captcha_recaptcha_projectlogin_no_captcha_recaptchaRange<1.7wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| login_no_captcha_recaptcha_project | login_no_captcha_recaptcha | * | cpe:2.3:a:login_no_captcha_recaptcha_project:login_no_captcha_recaptcha:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"product": "Login No Captcha reCAPTCHA",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7",
"status": "affected",
"version": "1.7",
"versionType": "custom"
}
]
}
]Social References
More
Related
wpvulndb
wpvulndb
Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass
2022-08-22 00:00:00
wpexploit
wpexploit
Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass
2022-08-22 00:00:00
prion
prion
Design/Logic Flaw
2022-09-16 09:15:00
nvd
nvd
CVE-2022-2913
2022-09-16 09:15:11
cvelist
cvelist
CVE-2022-2913 Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass
2022-09-16 08:40:39
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
33.1%
Related for CVE-2022-2913