CVE-2022-1613

Published: Sep 26, 2022Modified: May 21, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.

Affected (1)

Products: 10up: Restricted Site Access

10up

1 product

Restricted Site Access

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
10up Restricted Site Access	Before 7.3.2

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://wpscan.com/vulnerability/c03863ef-9ac9-402b-8f8d-9559c9988e2b

Source: contact@wpscan.com

ExploitPatchThird Party Advisory

https://wpscan.com/vulnerability/c03863ef-9ac9-402b-8f8d-9559c9988e2b

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.