CVE-2022-1613: CWE-639 Authorization Bypass Through User-Controlled Key in Unknown Restricted Site Access
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.
AI Analysis
Technical Summary
CVE-2022-1613 is a medium-severity vulnerability affecting the WordPress plugin 'Restricted Site Access' prior to version 7.3.2. The vulnerability arises from the plugin's method of determining a visitor's IP address. Instead of relying solely on the server-provided REMOTE_ADDR variable, which is generally trustworthy, the plugin prioritizes certain HTTP headers to obtain the visitor's IP. These headers, such as X-Forwarded-For or similar, can be manipulated by an attacker controlling the client or an intermediary proxy. This design flaw leads to an authorization bypass scenario where IP-based access restrictions can be circumvented. Specifically, an attacker can craft HTTP requests with spoofed headers to impersonate an allowed IP address, thereby gaining unauthorized access to restricted areas of a WordPress site protected by this plugin. The vulnerability is categorized under CWE-639 (Authorization Bypass Through User-Controlled Key), highlighting that the authorization mechanism relies on user-controllable input without proper validation. The CVSS v3.1 base score is 5.3 (medium), reflecting that the attack vector is network-based, requires no privileges or user interaction, and impacts integrity by allowing unauthorized access, but does not affect confidentiality or availability. No known exploits are reported in the wild, and no official patches are linked, but upgrading to version 7.3.2 or later is implied to remediate the issue.
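The flaw described above comes down to which source of the client address is treated as authoritative. The following is an added example, not code from the Restricted Site Access plugin (which is PHP): it models the two resolution strategies in Python and runs an IP allowlist over each result. `client_ip_header_first()` mirrors the vulnerable pattern, consulting forwarding headers before `REMOTE_ADDR`; `client_ip_hardened()` treats `REMOTE_ADDR` as authoritative and honours `X-Forwarded-For` only when the TCP peer is a proxy the operator controls, taking the right-most hop that is not itself a trusted proxy. Header names follow the PHP `$_SERVER` convention; every address, the allowlist and the trusted-proxy set are constructed sample values.

```python
"""Added example, not code from the Restricted Site Access plugin: it models in
Python the two ways of deriving a client IP that the analysis contrasts, then
runs an IP allowlist over each result.

Header names follow the PHP $_SERVER convention; all addresses, the allowlist and
the trusted-proxy set are constructed sample values.
"""
import ipaddress
from typing import Mapping, Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed policy: the only network permitted to reach the restricted site.
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
# Constructed topology: the one reverse proxy allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _parse_ip(value: str) -> Optional[IPAddress]:
    """Return an address object, or None for anything that is not a bare IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _in_any(ip: IPAddress, networks) -> bool:
    return any(ip in net for net in networks)


def client_ip_header_first(server: Mapping[str, str]) -> Optional[IPAddress]:
    """Vulnerable pattern: client-supplied headers win over REMOTE_ADDR."""
    for key in ("HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "REMOTE_ADDR"):
        if key in server:
            # The header may hold a comma-separated chain; the left-most entry is used.
            ip = _parse_ip(server[key].split(",")[0])
            if ip is not None:
                return ip
    return None


def client_ip_hardened(server: Mapping[str, str],
                       trusted_proxies=TRUSTED_PROXIES) -> Optional[IPAddress]:
    """Hardened pattern: REMOTE_ADDR decides; headers count only behind a trusted proxy."""
    remote = _parse_ip(server.get("REMOTE_ADDR", ""))
    if remote is None:
        return None
    if not _in_any(remote, trusted_proxies):
        return remote  # Direct connection: any forwarding header is ignored.
    # Behind our proxy: walk the chain from the right, skipping proxies we own.
    hops = [h for h in server.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    for hop in reversed(hops):
        ip = _parse_ip(hop)
        if ip is None:
            return None  # Malformed chain: fail closed rather than guess.
        if not _in_any(ip, trusted_proxies):
            return ip
    return None  # No untrusted hop at all: nothing we can safely attribute.


def is_allowed(ip: Optional[IPAddress], allowed=ALLOWED_NETWORKS) -> bool:
    """Allowlist decision; an unresolvable address is denied."""
    return ip is not None and _in_any(ip, allowed)


# Constructed requests. SPOOFED_DIRECT is an unlisted host that set its own header;
# VIA_PROXY is a listed client relayed by the trusted proxy; VIA_PROXY_APPENDED is an
# unlisted client that sent a forged header which the proxy then extended with the
# real peer address, as proxies do.
SPOOFED_DIRECT = {"REMOTE_ADDR": "198.51.100.7", "HTTP_X_FORWARDED_FOR": "203.0.113.10"}
VIA_PROXY = {"REMOTE_ADDR": "10.0.0.5", "HTTP_X_FORWARDED_FOR": "203.0.113.10"}
VIA_PROXY_APPENDED = {"REMOTE_ADDR": "10.0.0.5",
                      "HTTP_X_FORWARDED_FOR": "203.0.113.10, 198.51.100.7"}

if __name__ == "__main__":
    for name, req in [("spoofed direct", SPOOFED_DIRECT), ("via proxy", VIA_PROXY),
                      ("via proxy, forged prefix", VIA_PROXY_APPENDED)]:
        weak, strong = client_ip_header_first(req), client_ip_hardened(req)
        print(f"{name:25s} header-first={weak} allowed={is_allowed(weak)} | "
              f"hardened={strong} allowed={is_allowed(strong)}")
```

The design point is that a forwarding header is only meaningful relative to who sent it: the hardened resolver fails closed on a malformed or empty chain instead of falling back to a guess, and a proxy that appends the real peer address to a forged header leaves the forgery on the left, where the right-to-left walk never reaches it.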
Potential Impact
For European organizations using the Restricted Site Access WordPress plugin, this vulnerability poses a risk of unauthorized access to restricted content or administrative areas that rely on IP-based access controls. This could lead to unauthorized modifications of website content, defacement, or exposure of sensitive internal resources intended to be shielded by IP restrictions. Although the vulnerability does not directly compromise confidentiality or availability, the integrity impact can undermine trust in the website and potentially facilitate further attacks if attackers gain footholds through unauthorized access. Organizations in sectors with strict compliance requirements (e.g., finance, healthcare, government) may face regulatory scrutiny if unauthorized access leads to data exposure or service disruption. Additionally, since WordPress is widely used across Europe, any organization relying on IP-based restrictions via this plugin is at risk. The lack of required authentication or user interaction means exploitation can be automated and performed remotely, increasing the threat surface.
Mitigation Recommendations
European organizations should immediately verify if their WordPress installations use the Restricted Site Access plugin and identify the plugin version. If running a version prior to 7.3.2, they should upgrade to 7.3.2 or later, where the vulnerability is addressed. If upgrading is not immediately possible, organizations should consider disabling the plugin or replacing IP-based access restrictions with more robust authentication mechanisms such as multi-factor authentication or VPN-based access controls. Additionally, web application firewalls (WAFs) can be configured to strip or validate suspicious HTTP headers that could be used for IP spoofing. Monitoring web server logs for unusual header patterns or access from unexpected IP addresses can help detect exploitation attempts. Finally, organizations should review their overall access control policies to avoid relying solely on client-controllable data for authorization decisions.
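The monitoring recommendation above can be made concrete as a log check. The following is an added example, not from the advisory or the plugin: it scans access-log lines for forwarding headers that arrive on a connection whose peer is not one of the operator's own proxies, and rates a finding high when the claimed address falls inside the IP allowlist, since that is the impersonation the CVE enables. The log layout (`<remote_addr> "<request line>" <status> xff="<X-Forwarded-For or ->"`) is constructed for this example and is not any server's default; the addresses, allowlist and proxy set are constructed sample values.

```python
"""Added example, not from the advisory or the plugin: a log check for the
"unusual header patterns" the mitigation section recommends watching for.

Assumed access-log layout (constructed for this example, not any server's default):
    <remote_addr> "<request line>" <status> xff="<X-Forwarded-For or ->"
Addresses, allowlist and proxy set are constructed sample values.
"""
import ipaddress
import re
from typing import List, Optional, Tuple

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]      # constructed
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed

LOG_RE = re.compile(
    r'^(?P<remote>\S+) "(?P<request>[^"]*)" (?P<status>\d{3}) xff="(?P<xff>[^"]*)"$'
)

# Constructed sample log: one legitimate proxied request, one direct request without
# a header, and several shapes of header abuse or corruption.
SAMPLE_LOG = """\
198.51.100.7 "GET /wp-admin/ HTTP/1.1" 200 xff="203.0.113.10"
10.0.0.5 "GET / HTTP/1.1" 200 xff="203.0.113.10"
198.51.100.9 "GET / HTTP/1.1" 403 xff="-"
192.0.2.44 "GET /private/ HTTP/1.1" 200 xff="203.0.113.5, 203.0.113.6"
192.0.2.77 "GET / HTTP/1.1" 403 xff="198.51.100.20"
10.0.0.5 "GET / HTTP/1.1" 200 xff="not-an-ip"
"""

Finding = Tuple[str, str, str, str]  # (remote_addr, xff, severity, reason)


def _parse_ip(value: str):
    """Address object for a bare IP string, None otherwise."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _in_any(ip, networks) -> bool:
    return any(ip in net for net in networks)


def classify(line: str) -> Optional[Finding]:
    """Return a finding for one log line, or None when nothing stands out."""
    m = LOG_RE.match(line)
    if not m:
        return None  # Not in the expected layout; a real pipeline would count these.
    remote = _parse_ip(m["remote"])
    xff = m["xff"]
    if remote is None or xff in ("", "-"):
        return None
    hops = [_parse_ip(h) for h in xff.split(",")]
    if _in_any(remote, TRUSTED_PROXIES):
        # Our proxy relayed it; only a chain we cannot parse is worth a look.
        if any(h is None for h in hops):
            return (str(remote), xff, "medium", "malformed X-Forwarded-For via trusted proxy")
        return None
    # Header arrived from a non-proxy peer: nothing in our topology should do that.
    if any(h is not None and _in_any(h, ALLOWED_NETWORKS) for h in hops):
        return (str(remote), xff, "high",
                "forwarded header from non-proxy peer claims an allowlisted address")
    return (str(remote), xff, "low", "forwarded header from non-proxy peer")


def find_suspicious(log_text: str) -> List[Finding]:
    """Run classify() over every non-empty line and keep the findings."""
    return [f for f in (classify(l) for l in log_text.splitlines() if l.strip()) if f]


if __name__ == "__main__":
    for remote, xff, severity, reason in find_suspicious(SAMPLE_LOG):
        print(f"[{severity}] {remote} xff={xff!r}: {reason}")
```

The check deliberately keys on the pairing of peer address and header rather than on the header alone: a forwarding header relayed by the operator's own proxy is normal, while the same header on a direct connection has no legitimate origin in a single-proxy topology. The high-severity rule also names the exact allowlist entry being claimed, which is what an analyst needs to decide whether the site was reachable during the window.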
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: WPScan
- Date Reserved: 2022-05-06T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682e2a713750f1bc872eda8a
Added to database: 5/21/2025, 7:33:05 PM
Last enriched: 7/7/2025, 12:55:36 PM
Last updated: 8/12/2025, 3:35:16 PM