CVE-2022-1165

Name of the Vulnerable Software and Affected Versions The Blackhole for Bad Bots WordPress plugin versions prior to 3.3.2

Description The issue allows IP addresses to be spoofed by manipulating headers such as CF-CONNECTING-IP and CLIENT-IP, which can lead to blocking arbitrary IP addresses. This could affect legitimate search engine crawlers or bots, and may be exploited by competitors to cause damage related to search engine visibility. It can also be used to bypass blocks, block any visitor, or even the administrator.

Recommendations For versions prior to 3.3.2, update to version 3.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the blackhole URL to minimize the risk of exploitation.