4 matches found
CVE-2025-10042
The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Design/Logic Flaw
The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions...
CVE-2022-2362
CVE-2022-2362 affects the WordPress Download Manager plugin (versions prior to 3.2.50). The root cause is the plugin prioritizing certain HTTP headers over PHP’s REMOTE_ADDR to identify visitor IPs, enabling bypass of IP-based download-block restrictions. Affected product: WordPress Download Mana...
CVE-2022-1614
CVE-2022-1614 affects the WP-EMail WordPress plugin up to version 2.69.0. The root cause is that the plugin prioritizes obtaining a visitor IP from certain HTTP headers (e.g., HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR) over PHP’s REMOTE_ADDR, enabling an attacker to bypass IP-based anti-spam restricti...