Vulnerability CVE-2022-1601


Published: 2023-08-30

Description:
The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.

Type:

CWE-290

(Authentication Bypass by Spoofing)

 References:
https://wpscan.com/vulnerability/f6d3408c-2ceb-4a89-822b-13f5272a5fce

Copyright 2026, cxsecurity.com

 

Back to Top