Summaryinfo

A vulnerability, which was classified as critical, has been found in User Access Manager Plugin up to 2.2.17 on WordPress. This issue affects some unknown processing. The manipulation leads to authentication spoofing. The identification of this vulnerability is CVE-2022-1601. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability classified as critical was found in User Access Manager Plugin up to 2.2.17 on WordPress (Access Management Software). This vulnerability affects an unknown functionality. The manipulation with an unknown input leads to a authentication spoofing vulnerability. The CWE definition for the vulnerability is CWE-290. This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. As an impact it is known to affect integrity. CVE summarizes:

The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.

The weakness was published 08/30/2023. The advisory is available at wpscan.com. This vulnerability was named CVE-2022-1601 since 05/05/2022. The technical details are unknown and an exploit is not available.

Upgrading to version 2.2.18 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Access Management Software

Name

• User Access Manager Plugin

Version

• 2.2.0
• 2.2.1
• 2.2.2
• 2.2.3
• 2.2.4
• 2.2.5
• 2.2.6
• 2.2.7
• 2.2.8
• 2.2.9
• 2.2.10
• 2.2.11
• 2.2.12
• 2.2.13
• 2.2.14
• 2.2.15
• 2.2.16
• 2.2.17

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion