Authentication Bypass by Spoofing

CVE-2022-1762

Medium

5/10

Summary

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-290 - Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

Advisory Timeline

Published Jun 13, 2022

Authentication Bypass by Spoofing

CVE-2022-1762

Summary

CWE-290 - Authentication Bypass by Spoofing

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS