CVE-2022-2913

Published: Sep 16, 2022Modified: Jun 3, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.

Affected (1)

Products: Login No Captcha Recaptcha Project: Login No Captcha Recaptcha

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Login No Captcha Recaptcha Project Login No Captcha Recaptcha	Before 1.7

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1

Source: contact@wpscan.com

ExploitPatchThird Party Advisory

https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.