Vulnerabilities > CVE-2022-1614 - Authorization Bypass Through User-Controlled Key vulnerability in Wp-Email Project Wp-Email

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
wp-email-project
CWE-639
NVD
Published: 2022-06-20
Updated: 2022-06-28

Summary

The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions.

Vulnerable Configurations

Part Description Count
Application
Wp-Email_Project
15

Common Weakness Enumeration (CWE)

References