CVE-2022-4539

MEDIUM

WordPress Web Application Firewall <= 2.1.2 - X-Forwarded-For IP Spoofing

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-4539. PoCs published by Abdurahmon3236.

AI-analyzed exploit summary This PoC demonstrates IP address spoofing in the Web Application Firewall plugin for WordPress by manipulating the X-Forwarded-For header to bypass login restrictions. It uses multithreading, proxy rotation, and dynamic headers to test the vulnerability.

Description

The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.

Exploits (1)

nomisec WORKING POC

by Abdurahmon3236 · poc

https://github.com/Abdurahmon3236/CVE-2022-4539

View Code ZIP pw:eip

This PoC demonstrates IP address spoofing in the Web Application Firewall plugin for WordPress by manipulating the X-Forwarded-For header to bypass login restrictions. It uses multithreading, proxy rotation, and dynamic headers to test the vulnerability.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Web Application Firewall plugin for WordPress (versions up to and including 2.1.2)

No auth needed

Prerequisites: Access to the target WordPress login page · Ability to send HTTP requests with custom headers

MITRE ATT&CK

T1036 - Masquerading T1078 - Valid Accounts T1090 - Proxy

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch

https://plugins.trac.wordpress.org/changeset/3055548/web-application-firewall/trunk/helper/utility.php

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0e99531c-8742-4f91-8525-65bb3cb06644?source=cve

Scores

CVSS v3 5.3

EPSS 0.0063

EPSS Percentile 45.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-345 CWE-348

Status published

Products (2)

cyberlord92/Web Application Firewall – website security < 2.1.2

miniorange/web_application_firewall < 2.1.3

Published Aug 31, 2024

Tracked Since Feb 18, 2026