The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.
| Attack Vector (AV) | Network | Adjacent | Local | Physical |
|---|---|---|---|---|
| Attack Complexity (AC) | LOW | High | ||
| Privileges Required (PR) | None | Low | High | |
| User Interaction (UI) | None | Required | ||
| Scope (S) | Unchange | Change | ||
| Confidentiality (C) | None | Low | High | |
| Integrity (I) | None | Low | High | |
| Availability (A) | None | Low | High |
| CVE Infomation | Exploits or more Infomation |
|---|---|
| mitre | EXPLOIT DATABASE |
| NVD | 0day.today |
| vulmon.com | github |
| CVE Details | |
| JVN ENG JPN | |
| Reconshell |
Software Tag:
| Name | URL |
|---|---|
| No Data | |
| Name | URL |
|---|---|
| No Data | |