CVE-2022-44593 – WordPress Solid Security plugin <= 9.3.1 - IP Spoofing Leading to Denial of Service vulnerability
https://notcve.org/view.php?id=CVE-2022-44593
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS. This issue affects Solid Security: from n/a through 9.3.1.
The Solid Security – Password, Two Factor Authentication, and Brute Force Protection plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 9.3.1 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to perform a denial of service attack.
• https://patchstack.com/database/vulnerability/better-wp-security/wordpress-solid-security-plugin-9-3-1-ip-spoofing-leading-to-denial-of-service-vulnerability?_s_id=cve
• CWE-345: Insufficient Verification of Data Authenticity
• CWE-348: Use of Less Trusted Source
CVE-2023-28786 – WordPress Solid Security Plugin <= 8.1.4 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-28786
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4.
The iThemes Security plugin for WordPress is vulnerable to open redirection in versions up to, and including, 8.1.4. This is due to the use of wp_redirect instead of wp_safe_redirect in the redirect_to_https function.
• https://patchstack.com/database/vulnerability/better-wp-security/wordpress-ithemes-security-plugin-8-1-4-open-redirection-via-host-header-vulnerability?_s_id=cve
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')