5.3
CVE-2022-4097
- EPSS 0.58%
- Veröffentlicht 12.12.2022 18:15:13
- Zuletzt bearbeitet 14.04.2025 19:15:33
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAll In One WP Security & Firewall < 5.0.8 - IP Spoofing
All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).
Mögliche Gegenmaßnahme
All-In-One Security (AIOS) – Security and Firewall: Update to version 5.0.8, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Updraftplus ≫ All-in-one Security SwPlatformwordpress Version < 5.0.8
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
All-In-One Security (AIOS) – Security and Firewall
Version
*-5.0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.429 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://wpscan.com/vulnerability/15819d33-7497-4f7d-bbb8-b3ab147806c4
https://www.wordfence.com/threat-intel/vulnerabilities/id/de39bad4-858a-4332-8ed0-bfd92a67b9cb