CVE-2022-2913

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-639
View all →

Vulnerability Description

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.

Related Vulnerabilities

CVE-2017-0920

MEDIUM
CVSS:4.3(Medium)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an...

CWE-6392017

CVE-2017-15195

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.

CWE-6392017

CVE-2017-15196

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.

CWE-6392017

CVE-2017-15197

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.

CWE-6392017

CVE-2017-15199

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.

CWE-6392017

CVE-2017-15200

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.

CWE-6392017