WP Limit Login Attempts <= 2.6.4 - IP Spoofing
CVE-2022-4303

7.5HIGH

Key Information:

Vendor: Wordpress
Status: WP Limit Login Attempts
Vendor: CVE Published:; 23 January 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-4303?

The WP Limit Login Attempts plugin for WordPress, up to version 2.6.4, has a significant security flaw that allows attackers to bypass IP-based login restrictions. The plugin prioritizes IP information from HTTP headers over the PHP REMOTE_ADDR variable, enabling malicious actors to exploit this behavior and gain unauthorized access. This vulnerability highlights the importance of securing login access against IP spoofing tactics.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WP Limit Login Attempts 0 <= 2.6.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-4303 - Proof of Concept

References

https://wpscan.com/vulnerability/8428a5e1-dbef-4516-983f-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jan 23, 2023
👾
Exploit known to exist
Jan 23, 2023
Vulnerability published
Jan 23, 2023
Vulnerability Reserved
Dec 6, 2022

Credit

Daniel Ruf

WPScan

JSON

Wordpress

Badges

What is CVE-2022-4303?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.