CVE-2023-4631

CWE-2903 documents3 sources

Severity

5.3MEDIUM

EPSS

1.7%

top 17.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Dologin Security Wpdo Dologin Security

Timeline

PublishedSep 25

Description

The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDwpdo/dologin_security< 3.7

▶CVEListV5unknown/dologin_security< 3.7

🔴Vulnerability Details

CVEList

DoLogin Security < 3.7 - IP Spoofing↗2023-09-25

▶

GHSA

GHSA-5hrc-f88x-6wm7: The DoLogin Security WordPress plugin before 3↗2023-09-25

▶