CVE-2014-9413

Name of the Vulnerable Software and Affected Versions simple-ip-ban plugin version 1.2.3

Description The issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the ip list, user agent list, or redirect url parameter in the simple-ip-ban page to "wp-admin/options-general.php" endpoint.

Recommendations For simple-ip-ban plugin version 1.2.3, consider disabling the plugin until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the simple-ip-ban page in wp-admin/options-general.php to minimize the risk of exploitation. Avoid using the ip list, user agent list, or redirect url parameters in the affected page until the issue is resolved.