CVE-2024-3050

Summary

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking

Affected Software

VendorProductVersion RangeStatus
UnknownSite Reviews0 < 7.0.0affected

Weaknesses

  • CWE-290 Authentication Bypass by Spoofing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References