CVE-2025-10745

Name of the Vulnerable Software and Affected Versions Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress versions through 3.4.8

Description The Banhammer plugin for WordPress is susceptible to a blocking bypass. This occurs because a site-wide “secret key” is predictably generated using md5() and base64 encode() from a constant character set and stored in the banhammer secret key option. Unauthenticated attackers can bypass the plugin’s logging and blocking mechanisms by appending a GET parameter named banhammer-process {SECRET} where {SECRET} is the predictable key value. This causes Banhammer to disable its protections for that specific request.

Recommendations Update to a version later than 3.4.8.