CVE-2022-1600: 
WordPress vulnerability analysis and mitigation

The YOP Poll WordPress plugin versions before 6.4.3 contains a security vulnerability identified as CVE-2022-1600. The vulnerability was discovered by Daniel Ruf and was publicly disclosed on July 11, 2022. The issue affects the IP address validation mechanism in the plugin, which incorrectly prioritizes HTTP headers over PHP's REMOTE_ADDR for visitor IP detection (WPScan).

The vulnerability stems from the plugin's IP address validation implementation where it prioritizes certain HTTP headers over PHP's native REMOTE_ADDR variable for determining a visitor's IP address. This implementation flaw can be exploited by manipulating the X-Forwarded-For header to provide a different IP address than the legitimate one (WPScan).

The vulnerability allows attackers to bypass IP-based voting limitations in polls created using the YOP Poll plugin. By exploiting this vulnerability, malicious users can submit multiple votes by spoofing different IP addresses, potentially manipulating poll results (WPScan).

The vulnerability has been fixed in YOP Poll version 6.4.3. Website administrators using affected versions should upgrade to version 6.4.3 or later to protect against this vulnerability (WPScan).