exploitDog

CVE-2022-4746

Опубликовано: 23 янв. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.

Ссылки

https://wpscan.com/vulnerability/62e3babc-00c6-4a35-972f-8f03ba70ba32
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/62e3babc-00c6-4a35-972f-8f03ba70ba32
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpmanageninja:fluentauth:*:*:*:*:*:wordpress:*:*

Версия до 1.0.2 (исключая)

EPSS

Процентиль: 38%

0.00169

Низкий

7.5 High

CVSS3

Дефекты

CWE-290

CWE-290

Связанные уязвимости

GHSA-733x-g8m7-q4jm

CVSS3: 7.5

github

около 3 лет назад

The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.

EPSS

Процентиль: 38%

0.00169

Низкий

7.5 High

CVSS3

Дефекты

CWE-290

CWE-290