PT-2014-7103 · WordPress · Wp-Ban
Tom Adams · Published 2014-10-25 · Updated 2022-12-23 · CVE-2014-6230
CVSS v2.0 · 4.3 · Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WP-Ban plugin versions prior to 1.6.4
Description
The issue allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header when running in certain configurations.
Recommendations
For WP-Ban plugin versions prior to 1.6.4, update to version 1.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the X-Forwarded-For header to minimize the risk of exploitation.
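The advisory does not show how the plugin reads the header, so the following is an added example of the general weakness class and its mitigation, not WP-Ban's code: an IP ban check that believes X-Forwarded-For unconditionally, beside one that honours it only when the connection comes from a known reverse proxy. The function names, the proxy list, the ban list and the sample requests are all constructed for illustration and use documentation address ranges.

```php
<?php
// Added example, not WP-Ban code. All addresses are constructed samples
// from the documentation ranges 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24.
// IPs are compared as text; normalise with inet_pton() if IPv6 is in use.
const TRUSTED_PROXIES = ['192.0.2.10'];   // assumed: the site's own reverse proxy
const BANNED_IPS      = ['203.0.113.7'];  // assumed ban list

/** Naive: believes whatever the client wrote in X-Forwarded-For. */
function client_ip_naive(array $server): string {
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    return $server['REMOTE_ADDR'];
}

/** Hardened: the header counts only when the TCP peer is a trusted proxy. */
function client_ip_hardened(array $server, array $trusted): string {
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;                  // direct connection: ignore the header
    }
    // Walk right to left: the rightmost entries were appended by our proxies,
    // anything further left was supplied by the client and is not trustworthy.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer;              // malformed entry: fall back to the peer
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;               // first hop that is not one of our proxies
        }
    }
    return $peer;                      // every hop was one of our proxies
}

function is_banned(string $ip): bool { return in_array($ip, BANNED_IPS, true); }

$requests = [   // constructed $_SERVER-style samples; 203.0.113.7 is the banned client
    'direct, header set by client' => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'],
    'via proxy, client-set prefix' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1, 203.0.113.7'],
    'via proxy, unbanned client'   => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.23'],
];
foreach ($requests as $label => $server) {
    printf("%-30s naive=%-8s hardened=%s\n", $label,
        is_banned(client_ip_naive($server)) ? 'blocked' : 'allowed',
        is_banned(client_ip_hardened($server, TRUSTED_PROXIES)) ? 'blocked' : 'allowed');
}
```

The hardened resolver only helps if the reverse proxy appends the real peer address to the header and the origin server is not reachable directly by clients.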
Affected Products
Wp-Ban