WordPress Secure Admin IP plugin <= 2.0 - IP Spoofing vulnerability
CVE-2023-41133

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Secure Admin Ip
Vendor: CVE Published:; 13 December 2024

What is CVE-2023-41133?

The vulnerability identified in Michal Novák Secure Admin IP enables attackers to bypass authentication mechanisms through spoofing techniques. This issue affects all versions of Secure Admin IP from n/a up to 2.0, enabling unauthorized access and undermining the security protocols intended to protect the application. The flaw represents a potential risk for websites utilizing this plugin, as it can be exploited to bypass crucial functionalities essential for secure administrative access.

Affected Version(s)

Secure Admin IP <= 2.0

References

https://patchstack.com/database/wordpress/plugin/secure-a...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Aug 23, 2023

Credit

Mika (Patchstack Alliance)