PT-2023-14171 · WordPress+1 · Wp Limit Login Attempts+1

Daniel Ruf · Published 2023-01-23 · Updated 2024-04-17 · CVE-2022-4303

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: WP Limit Login Attempts plugin versions prior to 2.7

Description: The issue allows bypassing IP-based restrictions on login forms, because the plugin prioritizes certain HTTP headers over PHP's REMOTE_ADDR when determining a visitor's IP.

Recommendations: For WP Limit Login Attempts plugin versions prior to 2.7, update to version 2.7 or later to resolve the issue.
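
The pattern in the description beside a hardened lookup, as an added example that is not the plugin's code. The header name X-Forwarded-For, the function names and the trusted-proxy list are assumptions, since the advisory does not name the headers involved.

```php
<?php
// Added example; header name and proxy list are assumptions, not taken from the plugin.

// Header-first lookup: the pattern the advisory describes. The header is
// client-controlled, so a rate limiter keyed on this value can be sidestepped.
function client_ip_header_first(array $server): string {
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    return $server['REMOTE_ADDR'];
}

// Hardened lookup: REMOTE_ADDR is the TCP peer and is authoritative unless that
// peer is a reverse proxy the operator has listed explicitly.
function client_ip_trusted_proxy(array $server, array $trustedProxies): string {
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    // Walk the chain right to left; the first hop that is not one of our
    // proxies is the address our own infrastructure actually saw.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed header: fall back to the peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests (documentation address ranges).
$trusted = ['192.0.2.10'];
$direct  = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.99'];
$proxied = ['REMOTE_ADDR' => '192.0.2.10',  'HTTP_X_FORWARDED_FOR' => '198.51.100.99, 203.0.113.7'];

foreach (['direct' => $direct, 'proxied' => $proxied] as $label => $req) {
    printf("%-8s header-first=%-14s trusted-proxy=%s\n",
        $label, client_ip_header_first($req), client_ip_trusted_proxy($req, $trusted));
}
```

On both constructed requests the hardened lookup keys the limiter on 203.0.113.7, while the header-first lookup keys it on whatever value the request supplied.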

Exploit

Fix

Weakness Enumeration: Authentication Bypass by Spoofing

Related Identifiers

ALT-PU-2024-2511
ALT-PU-2024-6382
CVE-2022-4303

Affected Products

Alt Linux
Wp Limit Login Attempts