CVE-2022-4539 – The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in …

31 August 2024

Vuln ID: CVE-2022-4539

Published: 2024-08-31 10:15:04.257

Description: The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.

Base Score: 5.3 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Source: NVD.NIST.GOV

Date:

31 August 2024

Categorie(s):

NVD

Tag(s):

NVD

34% of CIOs ranked securing the network as their number one priority22 October 2024
Research uncovers new attack method, security leaders share insights22 October 2024
Socket secures $40M to strengthen open-source software security22 October 2024
NordVPN Review (2024): Is NordVPN Worth the Cost?22 October 2024
IBM launches Guardium Data Security Center to address AI, quantum and hybrid cloud risks22 October 2024