vulnerability
WordPress Plugin: wp-polls: CVE-2022-1581: Authorization Bypass Through User-Controlled Key
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Oct 31, 2022 | May 15, 2025 | May 15, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Oct 31, 2022
Added
May 15, 2025
Modified
May 15, 2025
Description
The WP-Polls plugin for WordPress is vulnerable to IP Validation Bypass in versions up to, and including, 2.75.6. This is due to the plugin prioritizing easier to spoof IP detection mechanisms. This makes it possible for unauthenticated attackers to bypass IP-based limitations to polling.
Solution
wp-polls-plugin-cve-2022-1581

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.