CVE-2022-2913 - OpenCVE

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Login No Captcha Recaptcha Project	Login No Captcha Recaptcha

Configuration 1 [-]

cpe:2.3:a:login_no_captcha_recaptcha_project:login_no_captcha_recaptcha:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1	Exploit Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-09-16T08:40:39

Updated: 2022-09-16T08:40:39

Reserved: 2022-08-19T00:00:00

Link: CVE-2022-2913

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-16T09:15:11.310

Modified: 2022-09-20T17:44:48.717

Link: CVE-2022-2913

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"containers": {"cna": {"affected": [{"product": "Login No Captcha reCAPTCHA", "vendor": "Unknown", "versions": [{"lessThan": "1.7", "status": "affected", "version": "1.7", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Daniel Ruf"}], "descriptions": [{"lang": "en", "value": "The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-16T08:40:39", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1"}], "source": {"discovery": "EXTERNAL"}, "title": "Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-2913", "STATE": "PUBLIC", "TITLE": "Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Login No Captcha reCAPTCHA", "version": {"version_data": [{"version_affected": "<", "version_name": "1.7", "version_value": "1.7"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Daniel Ruf"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-2913", "datePublished": "2022-09-16T08:40:39", "dateReserved": "2022-08-19T00:00:00", "dateUpdated": "2022-09-16T08:40:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}