CVE-2022-1600

CWE-639Insecure Direct Object ReferenceCWE-276Incorrect Default Permissions4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 58.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown YOP PollYop-poll YOP Poll
Timeline
PublishedAug 1
Latest updateOct 12

Description

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5unknown/yop_poll6.4.36.4.3
NVDyop-poll/yop_poll< 6.4.3

🔴Vulnerability Details

2
GHSA
GHSA-5q68-9mm8-q9vm: The YOP Poll WordPress plugin before 62022-08-02
CVEList
YOP Poll < 6.4.3 - IP Spoofing2022-08-01

📋Vendor Advisories

1
Red Hat
cri-o: Security regression of CVE-2022-276522022-10-12
CVE-2022-1600 (MEDIUM CVSS 5.3) | The YOP Poll WordPress plugin befor | cvebase.io