WordPress Plugin Vulnerabilities

WP-Polls < 2.76.0 - IP Validation Bypass

Description

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

Affects Plugins

Plugin icon
wp-polls
Fixed in 2.76.0

References

CVE
CVE-2022-1581
URL
https://www.hightechdad.com/2009/12/21/warning-wp-polls-wordpress-poll-plugin-can-be-exploited/

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
c1896ab9-9585-40e2-abbf-ef5153b3c6b2

Timeline

Publicly Published
2022-10-31 (about 1 years ago)
Added
2022-10-31 (about 1 years ago)
Last Updated
2022-10-31 (about 1 years ago)

Other

Published
Title
Published
2019-08-25
Title
WooCommerce PayU India <= 2.1.1 - Price Tampering
Published
2024-03-29
Title
VS Contact Form < 14.8 - CAPTCHA Bypass
Published
2017-03-13
Title
Dtracker <= 1.5 - Unauthorised Contract Creation
Published
2014-11-24
Title
DukaPress <= 2.5.3 - Unauthenticated Path Traversal
Published
2023-06-12
Title
Protect WP Admin < 4.0 - Unauthenticated Protection Bypass