The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP address information is retrieved from for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP address, which is then logged and can be used to bypass settings that may have blocked an IP address from logging in.
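The weakness class described above (CWE-348), as an added PHP example that is not the plugin's code: a resolver that trusts X-Forwarded-For unconditionally beside one that only honours it when the TCP peer is a configured reverse proxy. The function names, the proxy list and the sample requests are hypothetical, and the hardened version assumes each trusted proxy appends the address of its peer to the header.

```php
<?php
// Added example; helper names are hypothetical, not taken from the S.A.F plugin.

// Weak pattern (CWE-348): the header is client-controlled, yet it wins over
// the address the connection actually came from.
function client_ip_weak(array $server): string {
    return $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'];
}

// Hardened: use the TCP peer unless it is one of our own reverse proxies.
// If it is, walk X-Forwarded-For right to left and return the first hop
// that was not appended by a trusted proxy.
function client_ip_hardened(array $server, array $trustedProxies): string {
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed sample data (documentation address ranges).
$blocklist = ['203.0.113.50'];          // address barred from logging in
$proxies   = ['192.0.2.10'];            // assumed reverse proxy in front of the site
$direct    = ['REMOTE_ADDR' => '203.0.113.50',
              'HTTP_X_FORWARDED_FOR' => '198.51.100.7'];
$viaProxy  = ['REMOTE_ADDR' => '192.0.2.10',
              'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.50'];

foreach (['direct' => $direct, 'via proxy' => $viaProxy] as $label => $req) {
    $weak = client_ip_weak($req);
    $hard = client_ip_hardened($req, $proxies);
    printf("%s: weak=[%s] blocked=%s | hardened=[%s] blocked=%s\n",
        $label,
        $weak, var_export(in_array($weak, $blocklist, true), true),
        $hard, var_export(in_array($hard, $blocklist, true), true));
}
```

The same resolved address should feed both the request log and the login restriction, so that log entries and block decisions refer to the same client.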
History
Thu, 05 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Thu, 05 Sep 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP address information is retrieved from for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP address, which is then logged and can be used to bypass settings that may have blocked an IP address from logging in. | |
Title | Security, Antivirus, Firewall – S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass | |
Weaknesses | CWE-348 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-05T11:00:15.651Z
Updated: 2024-09-05T18:04:33.796Z
Reserved: 2022-12-15T22:35:52.457Z
Link: CVE-2022-4529
Vulnrichment
Updated: 2024-09-05T18:04:29.426Z
NVD
Status: Awaiting Analysis
Published: 2024-09-05T11:15:12.147
Modified: 2024-09-05T12:53:21.110
Link: CVE-2022-4529
Redhat
No data.