IP Address Spoofing Vulnerability in WordPress Login and Registration Attempts Limit Plugin
CVE-2022-4532

6.5MEDIUM

Key Information:

Vendor

Wordpress
Status
Login And Registration Attempts Limit
Vendor
CVE Published:
17 August 2024

What is CVE-2022-4532?

The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is susceptible to IP address spoofing due to inadequate measures in restricting the source of IP address logging. This vulnerability allows attackers to manipulate the X-Forwarded-For header to log a misleading IP address. As a result, attackers can bypass login restrictions intended to block specific IP addresses from gaining access. This security oversight highlights the importance of effective IP address verification methods in safeguarding user authentication processes within WordPress sites.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LOGIN AND REGISTRATION ATTEMPTS LIMIT * <= 2.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/login-attempts...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mohammadreza Rashidi
JSON
.