All In One Security
CVE-2022-4097
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).
AnalysisAI
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-639. The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). Affected products include: Updraftplus All-In-One Security. Version information: before 5.0.8.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in All In One Security
View allThe All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings p
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting
The All-In-One Security (AIOS) - Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Script
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today