CVE-2022-1600 YOP Poll < 6.4.3 - IP Spoofing

2022-08-0112:48:14

CWE-639

WPScan

www.cve.org

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

CNA Affected

[
  {
    "product": "YOP Poll",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "6.4.3",
        "status": "affected",
        "version": "6.4.3",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7