[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faFvdxJxxaeeYtBh_hXe0yaXZWiPvDpos_JD-Hj2o3F4":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-36528","kk-star-ratings-ip-spoofing-to-protection-mechanism-bypass","kk Star Ratings \u003C= 5.4.3 - IP Spoofing to Protection Mechanism Bypass","The kk Star Ratings plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.4.3. This is due to the plugin prioritizing obtaining a visitor's IP address from a spoofable HTTP header over PHP's REMOTE_ADDR. Attackers can supply a header with with a different IP Address that can be used to bypass the 'Unique votes (based on IP Address)' setting.","kk-star-ratings",null,"\u003C=5.4.3","5.4.4","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2023-07-17 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1c4fcaa5-357a-4b70-8653-3874a234f07d?source=api-prod",190]