Vulnerabilities > CVE-2022-1613 - Authorization Bypass Through User-Controlled Key vulnerability in 10Up Restricted Site Access

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

10up

CWE-639

NVD

Published: 2022-09-26

Updated: 2022-09-28

Summary

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.

Vulnerable Configurations

Part	Description	Count
Application	10Up 10Up Restricted Site Access *	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://wpscan.com/vulnerability/c03863ef-9ac9-402b-8f8d-9559c9988e2b