CVE-2022-1600 - OpenCVE

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Yop-poll	Yop Poll

Configuration 1 [-]

cpe:2.3:a:yop-poll:yop_poll:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-08-01T12:48:14

Updated: 2024-08-03T00:10:03.637Z

Reserved: 2022-05-05T00:00:00

Link: CVE-2022-1600

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-01T13:15:09.933

Modified: 2022-08-04T17:19:06.403

Link: CVE-2022-1600

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "YOP Poll", "vendor": "Unknown", "versions": [{"lessThan": "6.4.3", "status": "affected", "version": "6.4.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Daniel Ruf"}], "descriptions": [{"lang": "en", "value": "The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T12:48:14", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7"}], "source": {"discovery": "EXTERNAL"}, "title": "YOP Poll < 6.4.3 - IP Spoofing", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-1600", "STATE": "PUBLIC", "TITLE": "YOP Poll < 6.4.3 - IP Spoofing"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "YOP Poll", "version": {"version_data": [{"version_affected": "<", "version_name": "6.4.3", "version_value": "6.4.3"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Daniel Ruf"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.637Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1600", "datePublished": "2022-08-01T12:48:14", "dateReserved": "2022-05-05T00:00:00", "dateUpdated": "2024-08-03T00:10:03.637Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}