4 matches found
CVE-2022-1614
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based anti-spamming restrictions...
CVE-2022-1614
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based anti-spamming restrictions...
CVE-2022-1614 WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based anti-spamming restrictions...
CVE-2022-1614
CVE-2022-1614 affects the WP-EMail WordPress plugin up to version 2.69.0. The root cause is that the plugin prioritizes obtaining a visitor IP from certain HTTP headers (e.g., HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR) over PHP’s REMOTE_ADDR, enabling an attacker to bypass IP-based anti-spam restricti...