IP Address Spoofing Vulnerability in Hide My WP Ghost Security Plugin for WordPress
CVE-2022-4537

6.5MEDIUM

Key Information:

Vendor

Wordpress
Status
Hide My WP Ghost – Security Plugin
Vendor
CVE Published:
9 May 2023

What is CVE-2022-4537?

The Hide My WP Ghost – Security Plugin for WordPress is susceptible to IP Address Spoofing due to inadequate restrictions governing the retrieval of IP address information for request logging and login limit enforcement. This vulnerability enables attackers to manipulate the X-Forwarded-For header to present a misleading IP address, which may subsequently bypass any settings that would normally prevent that IP from accessing the system. As a result, unauthorized users can gain access where they should otherwise be blocked.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Hide My WP Ghost – Security Plugin * <= 5.0.18

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/hide-my-wp/tag...
https://plugins.trac.wordpress.org/browser/hide-my-wp/tru...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mohammadreza Rashidi
JSON
.