Vulnerability Details : CVE-2022-1581
The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.
Products affected by CVE-2022-1581
- cpe:2.3:a:wp-polls_project:wp-polls:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1581
- 0.08%: Probability of exploitation activity in the next 30 days
- ~ 35 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-1581
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2022-1581
- The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. Assigned by: contact@wpscan.com (Primary)
References for CVE-2022-1581
- https://www.hightechdad.com/2009/12/21/warning-wp-polls-wordpress-poll-plugin-can-be-exploited/
  WARNING: WP-Polls WordPress Poll Plugin Can Be Exploited - HighTechDad™ (Exploit; Third Party Advisory)
- https://wpscan.com/vulnerability/c1896ab9-9585-40e2-abbf-ef5153b3c6b2
  (Exploit; Third Party Advisory)