CVE-2022-1600 - OpenCVE

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Yop-poll	Yop Poll

Configuration 1 [-]

cpe:2.3:a:yop-poll:yop_poll:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-08-01T12:48:14

Updated: 2022-08-01T12:48:14

Reserved: 2022-05-05T00:00:00

Link: CVE-2022-1600

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-01T13:15:09.933

Modified: 2022-08-04T17:19:06.403

Link: CVE-2022-1600

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"containers": {"cna": {"affected": [{"product": "YOP Poll", "vendor": "Unknown", "versions": [{"lessThan": "6.4.3", "status": "affected", "version": "6.4.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Daniel Ruf"}], "descriptions": [{"lang": "en", "value": "The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T12:48:14", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7"}], "source": {"discovery": "EXTERNAL"}, "title": "YOP Poll < 6.4.3 - IP Spoofing", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-1600", "STATE": "PUBLIC", "TITLE": "YOP Poll < 6.4.3 - IP Spoofing"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "YOP Poll", "version": {"version_data": [{"version_affected": "<", "version_name": "6.4.3", "version_value": "6.4.3"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Daniel Ruf"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1600", "datePublished": "2022-08-01T12:48:14", "dateReserved": "2022-05-05T00:00:00", "dateUpdated": "2022-08-01T12:48:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}