WordPress Plugin Vulnerabilities
Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing
Description
The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.
Proof of Concept
Set HTTP_CF_CONNECTING_IP or any of the other headers in get_client_ip_address() to spoof the IP address.
Affects Plugins
References
CVE
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-08-31 (about 1 years ago)
Added
2022-08-31 (about 1 years ago)
Last Updated
2022-08-31 (about 1 years ago)