exploitDog

GHSA-ppvx-gqx9-qrq3

Опубликовано: 22 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.12 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers spoof their IP address and submit forms that may have IP-based restrictions.

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.12 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers spoof their IP address and submit forms that may have IP-based restrictions.

Ссылки

EPSS

Процентиль: 38%

0.00166

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2024-13666

CVSS3: 5.3

nvd

11 месяцев назад

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.12 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers spoof their IP address and submit forms that may have IP-based restrictions.

EPSS

Процентиль: 38%

0.00166

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-20