Hector Flores

**Name of the Vulnerable Software and Affected Versions** Advanced Country Blocker plugin for WordPress versions prior to 2.3.2 **Description** The Advanced Country Blocker plugin for WordPress is susceptible to an authorization bypass. This is due to the use of a predictable default value for the secret bypass key during installation, which is not required to be changed by users. An unauthenticated attacker can bypass the geolocation blocking mechanism by appending this key to any URL on sites where the administrator has not modified the default value. **Recommendations** Update the Advanced Country Blocker plugin to version 2.3.2 or later. Change the default secret bypass key to a strong, unique value.