
CVE-2022-1581: CWE-639 Authorization Bypass Through User-Controlled Key in Unknown WP-Polls

Severity: Medium
Tags: Vulnerability, CVE-2022-1581, CVE, CWE-639
Published: Mon Nov 21 2022 (11/21/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Unknown
Product: WP-Polls

Description

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

AI-Powered Analysis

AI analysis last updated: 06/25/2025, 07:02:09 UTC

Technical Analysis

CVE-2022-1581 is a medium-severity vulnerability affecting the WP-Polls WordPress plugin versions prior to 2.76.0. The root cause is an authorization bypass stemming from improper handling of visitor IP addresses. Specifically, the plugin prioritizes extracting the visitor's IP address from certain HTTP headers (such as X-Forwarded-For) over the more reliable PHP REMOTE_ADDR server variable. Since HTTP request headers are set by the client and can be freely manipulated, this design flaw allows an attacker to spoof their IP address and bypass the IP-based restrictions the plugin uses to limit voting frequency or prevent multiple votes from the same user. This vulnerability is categorized under CWE-639 (Authorization Bypass Through User-Controlled Key), indicating that user-controlled input is used as the key on which an authorization check is enforced, so the check can be circumvented.

The CVSS 3.1 base score is 5.3 (medium), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), low integrity impact (I:L), and no availability impact (A:N). No known exploits are currently reported in the wild, and no official patches or vendor advisories are linked, though the issue is publicly documented.

The vulnerability allows an attacker to cast multiple votes in polls protected by IP-based voting restrictions, potentially skewing poll results and undermining the integrity of data collected via WP-Polls. This can affect websites relying on WP-Polls for user feedback, surveys, or decision-making processes, especially if poll results influence business or public opinion decisions.

Potential Impact

For European organizations, the impact of this vulnerability is primarily on the integrity of data collected through WP-Polls. Organizations using this plugin for customer feedback, internal surveys, or public opinion polls may experience distorted results due to unauthorized multiple voting. This can lead to misguided business decisions, reputational damage, and loss of trust among users or customers. While the vulnerability does not directly compromise confidentiality or availability, the integrity breach can have downstream effects, such as incorrect analytics or flawed decision-making. Additionally, if poll results influence regulatory compliance reporting or public communications, manipulated data could have legal or compliance repercussions. Given the widespread use of WordPress and the popularity of polling plugins, organizations in sectors such as media, marketing, public administration, and e-commerce in Europe could be affected. However, the impact is limited to the polling functionality and does not extend to broader system compromise or data breaches.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should take the following specific actions:

1) Immediately update the WP-Polls plugin to version 2.76.0 or later, where the issue is resolved by correctly prioritizing REMOTE_ADDR over user-controllable HTTP headers for IP detection.
2) If updating is not immediately possible, implement web application firewall (WAF) rules to sanitize or block suspicious HTTP headers that can be used to spoof IP addresses, such as X-Forwarded-For, especially from untrusted sources.
3) Consider disabling IP-based vote restrictions temporarily and implement alternative anti-abuse mechanisms, such as user authentication or CAPTCHA challenges, to prevent multiple voting.
4) Audit existing poll data for anomalies indicating multiple votes from the same user or IP address to assess the extent of any manipulation.
5) Monitor plugin vendor channels and security advisories for any further updates or patches.
6) Educate site administrators about the risks of relying solely on IP-based restrictions and encourage the use of multi-factor anti-abuse controls in polling features.
7) Review server and proxy configurations to ensure that REMOTE_ADDR reflects the true client IP and that trusted proxy headers are handled securely.
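The following PHP snippet is an added illustration of the header-priority flaw described in the Technical Analysis and of the trusted-proxy handling recommended in item 7. It is not WP-Polls code; the function names, the trusted-proxy list and the sample requests are all constructed for this example. The first function shows the generic "forwarded header beats REMOTE_ADDR" pattern that makes the vote limiter key on a value the client chooses; the second consults X-Forwarded-For only when the TCP peer is one of the site's own reverse proxies, and then walks the chain from the right so that any addresses a client prepended are ignored.

```php
<?php
// Added example, not WP-Polls code. Function names, the trusted-proxy list
// and the request arrays below are assumptions constructed for illustration.

// Pattern described in the advisory: forwarded headers are consulted before
// REMOTE_ADDR, so the address the vote limiter keys on is client-controlled.
function vulnerable_client_ip(array $server): string {
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP'] as $header) {
        if (!empty($server[$header])) {
            // first entry of a comma-separated X-Forwarded-For chain
            return trim(explode(',', $server[$header])[0]);
        }
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Hardened form: REMOTE_ADDR is the TCP peer and cannot be forged by a client.
// X-Forwarded-For is trusted only when that peer is one of our own proxies,
// and the client address is the right-most hop that is NOT a trusted proxy
// (the address the last trusted proxy actually saw), so a client-supplied
// prefix of fake addresses is discarded.
function trusted_client_ip(array $server, array $trusted_proxies): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if ($remote === '' || !in_array($remote, $trusted_proxies, true)) {
        return $remote; // direct connection or unknown peer: header is untrusted
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '') {
        return $remote;
    }
    $hops = array_map('trim', explode(',', $xff));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        $hop = $hops[$i];
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed chain: fall back to the peer address
        }
        if (!in_array($hop, $trusted_proxies, true)) {
            return $hop;
        }
    }
    return $remote; // every hop was one of our own proxies
}

// Constructed request 1: client at 198.51.100.7 connects directly (no proxy)
// and supplies its own X-Forwarded-For value.
$direct = [
    'REMOTE_ADDR'          => '198.51.100.7',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.42',
];

// Constructed request 2: the same client really came through our reverse
// proxy at 10.0.0.5, which appended the address it saw to a header the
// client had already set.
$proxied = [
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.42, 198.51.100.7',
];

$trusted_proxies = ['10.0.0.5']; // assumed list of the site's own proxies

echo 'vulnerable, direct : ', vulnerable_client_ip($direct), PHP_EOL;
echo 'hardened,   direct : ', trusted_client_ip($direct, $trusted_proxies), PHP_EOL;
echo 'hardened,   proxied: ', trusted_client_ip($proxied, $trusted_proxies), PHP_EOL;
```

For the direct request the vulnerable resolver returns the header value 203.0.113.42, while the hardened one returns the peer address 198.51.100.7; for the proxied request the hardened resolver also returns 198.51.100.7, because the client-prepended 203.0.113.42 sits left of the hop the trusted proxy recorded. The same list of proxy addresses is what a WAF rule for item 2 should key on: strip or ignore X-Forwarded-For when the connection does not originate from one of them.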


Technical Details

Data Version: 5.1
Assigner Short Name: WPScan
Date Reserved: 2022-05-04T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d983bc4522896dcbee007

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 6/25/2025, 7:02:09 AM

Last updated: 8/17/2025, 9:21:03 PM

