How severe is CVE-2022-4532?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-4532?

This is classified as CWE-348, which is a common weakness in software security.

CVE-2022-4532 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.

Related Vulnerabilities

CVE-2025-1245

MEDIUM

CVSS:6.5(Medium)

Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view componen...

CWE-3482025

CVE-2025-43918

MEDIUM

CVSS:6.4(Medium)

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email...

CWE-3482025

CVE-2024-54840

MEDIUM

CVSS:6.1(Medium)

PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.

CWE-3482024

CVE-2021-21373

MEDIUM

CVSS:5.9(Medium)

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In cas...

CWE-3482021

CVE-2025-47424

HIGH

CVSS:7.1(High)

Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.

CWE-3482025

CVE-2022-2255

HIGH

CVSS:7.5(High)

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application ...

CWE-3482022