PT-2026-6896 · WordPress · Advanced Country Blocker
Hector Flores · Published 2026-02-07 · Updated 2026-02-07
CVE-2026-1675
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Advanced Country Blocker plugin for WordPress versions prior to 2.3.2
Description
The Advanced Country Blocker plugin for WordPress is susceptible to an authorization bypass. This is due to the use of a predictable default value for the secret bypass key during installation, which is not required to be changed by users. An unauthenticated attacker can bypass the geolocation blocking mechanism by appending this key to any URL on sites where the administrator has not modified the default value.
Recommendations
Update the Advanced Country Blocker plugin to version 2.3.2 or later.
Change the default secret bypass key to a strong, unique value.
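A hardened pattern for this class of bug, as an added PHP example (not the plugin's own code): the key is generated per install on activation, and the check fails closed when the stored key is missing, short, or still a shipped default. The option name, query parameter, function names and the legacy-default placeholder are hypothetical; the advisory does not give the plugin's real identifiers.

```php
<?php
// Added example. All identifiers prefixed "example_" / "EXAMPLE_" are hypothetical.
const EXAMPLE_KEY_OPTION     = 'example_geo_bypass_key'; // hypothetical option name
const EXAMPLE_KEY_PARAM      = 'bypass_key';             // hypothetical query parameter
const EXAMPLE_MIN_KEY_LENGTH = 32;

// Placeholder only: the advisory does not state the default shipped before 2.3.2.
const EXAMPLE_LEGACY_DEFAULTS = array( 'REPLACE_WITH_KNOWN_DEFAULT' );

// On activation, create a random per-install key instead of a shared default.
function example_generate_bypass_key() {
    // add_option() is a no-op when the option already exists,
    // so an administrator's own key is never overwritten.
    add_option( EXAMPLE_KEY_OPTION, bin2hex( random_bytes( 32 ) ) );
}
register_activation_hook( __FILE__, 'example_generate_bypass_key' );

// Return true only when the request carries this site's own strong key.
function example_request_has_valid_bypass_key() {
    $stored = get_option( EXAMPLE_KEY_OPTION, '' );

    // Fail closed: a missing or short key disables the bypass entirely.
    if ( ! is_string( $stored ) || strlen( $stored ) < EXAMPLE_MIN_KEY_LENGTH ) {
        return false;
    }

    // Fail closed on sites that upgraded but never changed a shipped default.
    if ( in_array( $stored, EXAMPLE_LEGACY_DEFAULTS, true ) ) {
        return false;
    }

    // Reject absent or non-scalar input (e.g. ?bypass_key[]=x).
    if ( ! isset( $_GET[ EXAMPLE_KEY_PARAM ] ) || ! is_string( $_GET[ EXAMPLE_KEY_PARAM ] ) ) {
        return false;
    }
    $supplied = wp_unslash( $_GET[ EXAMPLE_KEY_PARAM ] );

    // hash_equals() compares in constant time, avoiding a timing side channel.
    return hash_equals( $stored, $supplied );
}
```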
Affected Products
Advanced Country Blocker