CVE-2022-1581

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wp-polls_project:wp-polls:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:41

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/c1896ab9-9585-40e2-abbf-ef5153b3c6b2 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/c1896ab9-9585-40e2-abbf-ef5153b3c6b2 - Exploit, Third Party Advisory
References () https://www.hightechdad.com/2009/12/21/warning-wp-polls-wordpress-poll-plugin-can-be-exploited/ - Exploit, Third Party Advisory () https://www.hightechdad.com/2009/12/21/warning-wp-polls-wordpress-poll-plugin-can-be-exploited/ - Exploit, Third Party Advisory

23 Nov 2022, 15:51

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-21 11:15

Updated : 2024-11-21 06:41


NVD link : CVE-2022-1581

Mitre link : CVE-2022-1581

CVE.ORG link : CVE-2022-1581


JSON object : View

Products Affected

wp-polls_project

  • wp-polls
CWE

No CWE.