Lucene search
Daniel RufWPEX-ID:8428A5E1-DBEF-4516-983F-F95605C6DD09HistoryDec 27, 2022 - 12:00 a.m.
WP Limit Login Attempts <= 2.6.4 - IP Spoofing
2022-12-2700:00:00
Daniel Ruf
204
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.8%
The plugin prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.
Set HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR as used in wp_limit_getip() to spoof the IP address and bypass the block.Related
wpvulndb
wpvulndb
WP Limit Login Attempts <= 2.6.4 - IP Spoofing
2022-12-27 00:00:00
cvelist
cvelist
CVE-2022-4303 WP Limit Login Attempts <= 2.6.4 - IP Spoofing
2023-01-23 14:31:49
prion
prion
Design/Logic Flaw
2023-01-23 15:15:00
cve
cve
CVE-2022-4303
2023-01-23 15:15:00
nessus
nessus
freebsd
freebsd
Python -- multiple vulnerabilities
2022-06-08 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.8%
Related for WPEX-ID:8428A5E1-DBEF-4516-983F-F95605C6DD09