WordPress Plugin Vulnerabilities

Solid Security < 9.3.2 - IP Address Spoofing to Denial of Service

Description

The Solid Security – Password, Two Factor Authentication, and Brute Force Protection plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 9.3.1 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to perform a denial of service attack.

Affects Plugins

Plugin icon
better-wp-security
Fixed in 9.3.2

References

CVE
CVE-2022-44593
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/6eebeb72-7a4b-46d0-a585-4e44c03d187a

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Snicco
Verified
No
WPVDB ID
cb5dcc35-9bbc-4d65-9907-f102e784baf9

Timeline

Publicly Published
2024-06-20 (about 1 year ago)
Added
2024-07-02 (about 1 year ago)
Last Updated
2024-07-02 (about 1 year ago)

Other

Published
Title
Published
2024-04-19
Title
VikBooking < 1.6.8 - Broken Access Control
Published
2021-05-26
Title
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation
Published
2023-04-25
Title
REST API TO MiniProgram <= 4.6.9 - Subscriber+ Attachment Deletion
Published
2024-03-19
Title
Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure
Published
2021-07-19
Title
RestroPress < 2.8.3.1 - Unauthorised AJAX Calls