Vulnerability Details CVE-2022-1613
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.2%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2022-1613
-
cpe:2.3:a:10up:restricted_site_access:1.0
-
cpe:2.3:a:10up:restricted_site_access:1.0.1
-
cpe:2.3:a:10up:restricted_site_access:1.0.2
-
cpe:2.3:a:10up:restricted_site_access:2.0
-
cpe:2.3:a:10up:restricted_site_access:2.1
-
cpe:2.3:a:10up:restricted_site_access:3.0
-
cpe:2.3:a:10up:restricted_site_access:3.1
-
cpe:2.3:a:10up:restricted_site_access:3.1.1
-
cpe:2.3:a:10up:restricted_site_access:3.2
-
cpe:2.3:a:10up:restricted_site_access:3.2.1
-
cpe:2.3:a:10up:restricted_site_access:4.0
-
cpe:2.3:a:10up:restricted_site_access:5.0
-
cpe:2.3:a:10up:restricted_site_access:5.0.1
-
cpe:2.3:a:10up:restricted_site_access:5.1
-
cpe:2.3:a:10up:restricted_site_access:6.0
-
cpe:2.3:a:10up:restricted_site_access:6.0.1
-
cpe:2.3:a:10up:restricted_site_access:6.0.2
-
cpe:2.3:a:10up:restricted_site_access:6.1.0
-
cpe:2.3:a:10up:restricted_site_access:6.2.0
-
cpe:2.3:a:10up:restricted_site_access:6.2.1
-
cpe:2.3:a:10up:restricted_site_access:7.0.0
-
cpe:2.3:a:10up:restricted_site_access:7.0.1
-
cpe:2.3:a:10up:restricted_site_access:7.1.0
-
cpe:2.3:a:10up:restricted_site_access:7.2.0
-
cpe:2.3:a:10up:restricted_site_access:7.3.0
-
cpe:2.3:a:10up:restricted_site_access:7.3.1