CVE-2022-1581
WP-Polls < 2.76.0 - IP Validation Bypass
Public Exploits: 2
Exploited in Wild: -
Descriptions
The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.
The WP-Polls plugin for WordPress is vulnerable to IP Validation Bypass in versions up to, and including, 2.75.6. This is due to the plugin prioritizing easier-to-spoof IP detection mechanisms. This makes it possible for unauthenticated attackers to bypass IP-based limitations on polling.
Timeline
- 2022-05-04 CVE Reserved
- 2022-10-31 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-12-17 EPSS Updated
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
References (2)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/c1896ab9-9585-40e2-abbf-ef5153b3c6b2 | 2024-08-03 | |
https://www.hightechdad.com/2009/12/21/warning-wp-polls-wordpress-poll-plugin-can-be-exploited | 2024-08-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wp-polls Project | Wp-polls | < 2.76.0 | wordpress | Affected |