WP-Polls < 2.76.0 - IP Validation Bypass
CVE-2022-1581

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WP-polls
Vendor: CVE Published:; 21 November 2022

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-1581?

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

Affected Version(s)

WP-Polls 0 < 2.76.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-1581 - Proof of Concept

References

https://wpscan.com/vulnerability/c1896ab9-9585-40e2-abbf-...

exploitvdb-entrytechnical-description

https://www.hightechdad.com/2009/12/21/warning-wp-polls-w...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 21, 2022
👾
Exploit known to exist
Nov 21, 2022
Vulnerability published
Nov 21, 2022
Vulnerability Reserved
May 4, 2022

Credit

Daniel Ruf

Wordpress

Badges

What is CVE-2022-1581?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit