CVE-2022-2913

Exploit

EPSS 0.1%
Veröffentlicht 16.09.2022 09:15:11
Zuletzt bearbeitet 03.06.2025 18:15:21
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Login No Captcha reCAPTCHA <= 1.6.11 - CAPTCHA Bypass via Whitelisted IP Address Spoofing

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.

Mögliche Gegenmaßnahme

Login No Captcha reCAPTCHA: Update to version 1.7, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Login No Captcha reCAPTCHA

Version *-1.6.11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.286

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1

Patch

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/c8c69fc2-e1bf-43e7-a80e-931dbb70d8da

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-2913

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2913

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2913

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-2913