CVE-2022-4097

Exploit

EPSS 0.19%
Veröffentlicht 12.12.2022 18:15:13
Zuletzt bearbeitet 14.04.2025 19:15:33
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass

The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).

Mögliche Gegenmaßnahme

All-In-One Security (AIOS) – Security and Firewall: Update to version 5.0.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt All-In-One Security (AIOS) – Security and Firewall

Version * - 5.0.7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Updraftplus ≫ All-in-one Security SwPlatformwordpress Version < 5.0.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.407

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://wpscan.com/vulnerability/15819d33-7497-4f7d-bbb8-b3ab147806c4

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/de39bad4-858a-4332-8ed0-bfd92a67b9cb

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4097

EUVD