WordPress Plugin Vulnerabilities

Giveaways and Contests by RafflePress < 1.12.11 - IP Spoofing

Description

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.12.7 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP address.

Affects Plugins

Plugin icon
rafflepress
Fixed in 1.12.11

References

CVE
CVE-2024-32827
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/595d6cdb-8a42-480e-8b04-52998156488c

Classification

Type
SPOOFING
OWASP top 10
A5: Broken Access Control
CWE
CWE-290
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Brandon James Roldan (tomorrowisnew)
Verified
Yes
WPVDB ID
33b9f8ae-3e6e-47e4-b407-aa9e4701da8a

Timeline

Publicly Published
2024-04-22 (about 2 years ago)
Added
2024-05-03 (about 2 years ago)
Last Updated
2024-05-03 (about 2 years ago)

Other

Published
Title
Published
2023-12-01
Title
Coming soon and Maintenance mode < 3.7.4 - IP Address Spoofing via get_real_ip
Published
2024-02-12
Title
Defender Security < 4.4.2 - IP Address Spoofing
Published
2024-03-28
Title
IP Blocker Lite <= 11.1.1 - IP Spoofing
Published
2024-09-04
Title
Security, Antivirus, Firewall – S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass
Published
2024-08-16
Title
LOGIN AND REGISTRATION ATTEMPTS LIMIT<= 2.1 - IP Address Spoofing to Protection Mechanism Bypass