PT-2026-1604 · WordPress · Aa Block Country

Ivan Cese · Published 2026-01-07 · Updated 2026-01-07 · CVE-2025-13694

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

AA Block Country plugin for WordPress versions up to and including 1.0.1

Description

The AA Block Country plugin for WordPress is susceptible to IP Address Spoofing. The plugin relies on user-provided headers, specifically the HTTP_X_FORWARDED_FOR header, to identify the client’s IP address without sufficient validation. This lack of validation is particularly problematic when the server is located behind a trusted proxy. An unauthenticated attacker can exploit this flaw to circumvent IP-based access controls by manipulating the X-Forwarded-For header and spoofing their IP address.

Recommendations

Update the AA Block Country plugin to a version beyond 1.0.1.

Related Identifiers

CVE-2025-13694

Affected Products

Aa Block Country