IP Address Spoofing Vulnerability in WordPress Login and Registration Attempts Limit Plugin
CVE-2022-4532
6.5MEDIUM
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 17 August 2024
Summary
The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is susceptible to IP address spoofing due to inadequate measures in restricting the source of IP address logging. This vulnerability allows attackers to manipulate the X-Forwarded-For header to log a misleading IP address. As a result, attackers can bypass login restrictions intended to block specific IP addresses from gaining access. This security oversight highlights the importance of effective IP address verification methods in safeguarding user authentication processes within WordPress sites.
Affected Version(s)
LOGIN AND REGISTRATION ATTEMPTS LIMIT * <= 2.1
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mohammadreza Rashidi