Themes Vulnerabilities

Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass

Description

The Restricted Site Access plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 6.3.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for user IP Addresses. This makes it possible for attackers to gain access to areas of the site that may have been restricted.

Affects Themes

restricted-site-access
No known fix

References

CVE
CVE-2023-48753
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/804169d3-a53a-42ba-821d-e9647ac075c4

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
11014837-5f56-4d6d-82ad-7fd65096e4f8

Timeline

Publicly Published
2023-11-27 (about 2 years ago)
Added
2023-12-01 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2017-01-11
Title
WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
Published
2025-02-17
Title
CarSpot < 2.4.4 - Unauthenticated Arbitrary Password Reset/Account Takeover
Published
2015-02-09
Title
WPLMS 1.8.4.1 - Privilege Escalation
Published
2014-08-01
Title
WordPress <= 2.0.2 - Remote Shell Injection
Published
2015-10-01
Title
Jetpack <= 3.7.0 - Information Disclosure