Vulnerability Details CVE-2022-1614
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
Products affected by CVE-2022-1614
-
cpe:2.3:a:wp-email_project:wp-email:-
-
cpe:2.3:a:wp-email_project:wp-email:2.63
-
cpe:2.3:a:wp-email_project:wp-email:2.64
-
cpe:2.3:a:wp-email_project:wp-email:2.65
-
cpe:2.3:a:wp-email_project:wp-email:2.66
-
cpe:2.3:a:wp-email_project:wp-email:2.67
-
cpe:2.3:a:wp-email_project:wp-email:2.67.1
-
cpe:2.3:a:wp-email_project:wp-email:2.67.2
-
cpe:2.3:a:wp-email_project:wp-email:2.67.3
-
cpe:2.3:a:wp-email_project:wp-email:2.67.4
-
cpe:2.3:a:wp-email_project:wp-email:2.67.5
-
cpe:2.3:a:wp-email_project:wp-email:2.67.6
-
cpe:2.3:a:wp-email_project:wp-email:2.68.0
-
cpe:2.3:a:wp-email_project:wp-email:2.68.1
-
cpe:2.3:a:wp-email_project:wp-email:2.68.2