Vulnerabilities > CVE-2022-1601 - Unspecified vulnerability in Alexanderschneider User Access Manager

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

alexanderschneider

NVD

Published: 2023-08-30

Updated: 2024-11-21

Summary

The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.

Vulnerable Configurations

Part	Description	Count
Application	Alexanderschneider Alexanderschneider User Access Manager *	1

References

https://wpscan.com/vulnerability/f6d3408c-2ceb-4a89-822b-13f5272a5fce
https://wpscan.com/vulnerability/f6d3408c-2ceb-4a89-822b-13f5272a5fce