wpDiscuz IP Spoofing Vulnerability Allowing Bypass of Rate Limiting and Ban Enforcement

Vulnerability

An IP spoofing vulnerability has been identified in the wpDiscuz WordPress plugin, affecting versions prior to 7.6.47. The issue resides in the getIP() function, which derives the client address from request headers that any client can set. By supplying a forged HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR header, an attacker can choose the IP address the plugin records and so bypass IP-based rate limiting and ban enforcement, circumventing essential security controls.
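The flaw described above, shown as an added illustration rather than wpDiscuz's own getIP() code: a header-trusting lookup beside a hardened one that honours X-Forwarded-For only when the direct TCP peer is a configured trusted reverse proxy. The proxy address and the sample requests are constructed for the example.

```php
<?php
// Vulnerable pattern: every header in $_SERVER prefixed HTTP_ is client-supplied,
// so the address used for rate limiting and bans is whatever the client chooses.
function get_ip_trusting_headers(array $server): string {
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR'] as $key) {
        if (!empty($server[$key])) {
            // X-Forwarded-For may be a comma-separated chain; this takes the first hop.
            return trim(explode(',', $server[$key])[0]);
        }
    }
    return '0.0.0.0';
}

// Hardened pattern: REMOTE_ADDR is filled in by the web server from the TCP
// connection and cannot be altered by a request header. Forwarding headers are
// honoured only when that peer is a known proxy, and only the entry that proxy
// appended (the rightmost one) is used; earlier entries may be forged.
function get_ip_hardened(array $server, array $trusted_proxies): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, $trusted_proxies, true)) {
        return $remote; // direct connection: ignore all forwarding headers
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '') {
        return $remote;
    }
    $hops = array_map('trim', explode(',', $xff));
    $candidate = end($hops);
    // Reject anything that is not a syntactically valid IP address.
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $remote;
}

// Constructed request 1: a direct client (no proxy) forging both headers.
$forged = [
    'REMOTE_ADDR'          => '203.0.113.5',
    'HTTP_CLIENT_IP'       => '198.51.100.9',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.9',
];
// Constructed request 2: the same client behind a trusted proxy at 10.0.0.2,
// which appended the real client address after a forged leading entry.
$proxied = [
    'REMOTE_ADDR'          => '10.0.0.2',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.9, 203.0.113.5',
];
$trusted = ['10.0.0.2']; // hypothetical reverse-proxy address

echo "trusting/forged:  ", get_ip_trusting_headers($forged), "\n";  // attacker-chosen
echo "hardened/forged:  ", get_ip_hardened($forged, $trusted), "\n"; // real peer
echo "hardened/proxied: ", get_ip_hardened($proxied, $trusted), "\n"; // proxy-appended hop
```

For detection, log both REMOTE_ADDR and any forwarding headers on rate-limited endpoints; requests whose forwarding header disagrees with a non-proxy REMOTE_ADDR are a useful indicator that someone is probing this class of weakness.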

Impact

Exploitation of this vulnerability allows for IP spoofing, which can be used to bypass rate limiting and ban enforcement mechanisms, potentially leading to abuse of commenting features or other rate-limited actions.

Added: Mar 13, 2026, 8:12 PM
Updated: Mar 13, 2026, 8:12 PM

Vulnerability Rating

Custom Algorithm

spread          3.4
impact          0.6
exploitability  7.2
remediation     7.7
relevance       4.3
threat          0.0
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.