Vulnerability CVE-2022-4303: Information

Description

The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-4303

Published: Jan. 23, 2023

Modified: Nov. 7, 2023

Error type identifier: CWE-290

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
python3	p10	3.9.18-alt1	3.9.18-alt1	ALT-PU-2024-2511-3	340781	Fixed
python3	p10_e2k	3.9.18-alt1	3.9.18-alt1	ALT-PU-2024-3765-1	-	Fixed
python3	c10f1	3.9.18-alt0.c10f1.1	3.9.18-alt0.c10f1.1	ALT-PU-2024-6382-3	344932	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://wpscan.com/vulnerability/8428a5e1-dbef-4516-983f-f95605c6dd09	Exploit Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:ciphercoin:wp_limit_login_attempts:*:*:*:*:*:wordpress:*:*
  End including
  2.6.4

Version: v24.5.3

Vulnerability CVE-2022-4303: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1