CVE-2022-2362
Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction
Public Exploits: 1
Exploited in Wild: -
Descriptions
The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.
The Download Manager plugin for WordPress is vulnerable to IP Blocking Bypass in versions up to, and including, 3.2.49 due to the way the visitor's IP address is determined. This allows an unauthenticated attacker to spoof their IP address to obtain access to files that are protected by this functionality.
SSVC
- Decision: -
Timeline
- 2022-07-09 CVE Reserved
- 2022-08-01 CVE Published
- 2024-03-14 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-290: Authentication Bypass by Spoofing
References (1)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/d94b721e-9ce2-45e5-a673-2a57b0137653 | 2024-08-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wpdownloadmanager | Wordpress Download Manager | < 3.2.50 | wordpress | Affected |