cve/2023/CVE-2023-5239.md

### [CVE-2023-5239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5239)
![](https://img.shields.io/static/v1?label=Product&message=Security%20%26%20Malware%20scan%20by%20CleanTalk&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.121%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-290%20Authentication%20Bypass%20by%20Spoofing&color=brighgreen)

### Description

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.

### POC

#### Reference
- https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-5239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5239)`
			`![](https://img.shields.io/static/v1?label=Product&message=Security%20%26%20Malware%20scan%20by%20CleanTalk&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.121%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-290%20Authentication%20Bypass%20by%20Spoofing&color=brighgreen)`

			`### Description`

			`The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3`

			`#### Github`
			`No PoCs found on GitHub currently.`