Medium severity6.5NVD Advisory· Published Aug 17, 2024· Updated Apr 15, 2026

CVE-2022-4532

Description

The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/login-attempts-limit-wp/trunk/includes/Ip.phpnvd
www.wordfence.com/threat-intel/vulnerabilities/id/50421e90-ccd6-4896-8041-b99279314301nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000