WordPress Plugin Vulnerabilities

Survey Maker < 4.1.0 - IP Address Spoofing

Description

The Survey Maker – Best WordPress Survey Plugin plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 4.0.9 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to spoof their IP address.

Affects Plugins

Plugin icon
survey-maker
Fixed in 4.1.0

References

CVE
CVE-2023-35764
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ce297421-506c-4230-837e-96200677e1e2

Classification

Type
SPOOFING
OWASP top 10
A5: Broken Access Control
CWE
CWE-290
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Atsuya Yoda
Verified
No
WPVDB ID
73755596-6b52-46e9-964f-5e392458eb5d

Timeline

Publicly Published
2024-04-27 (about 2 years ago)
Added
2024-05-08 (about 2 years ago)
Last Updated
2024-05-08 (about 2 years ago)

Other

Published
Title
Published
2025-10-30
Title
OOPSpam Anti-Spam < 1.2.54 - Unauthenticated IP Header Spoofing
Published
2025-10-09
Title
All In One Login 2.0.8 - IP Sooofing to Protection Mechanism Bypass
Published
2023-12-05
Title
WP Photo Album Plus < 8.6.01.005 - IP Spoofing
Published
2024-01-05
Title
Wp Ultimate Review < 2.3.7 - IP Spoofing
Published
2023-12-27
Title
RegistrationMagic < 5.2.5.1 - IP Spoofing