User Access Manager < 2.2.18 - IP Spoofing
CVE-2022-1601

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: User Access Manager
Vendor: CVE Published:; 30 August 2023

Summary

The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.

Affected Version(s)

User Access Manager 0 < 2.2.18

References

https://wpscan.com/vulnerability/f6d3408c-2ceb-4a89-822b-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2023
Vulnerability Reserved
May 5, 2022

Credit

Daniel Ruf

WPScan