IP Blacklist Bypass in WP-Ban Plugin for WordPress
CVE-2014-6230
Currently unrated
Summary
The WP-Ban plugin prior to version 1.6.4 for WordPress has a security flaw where remote attackers can circumvent IP blacklisting by sending a specially crafted X-Forwarded-For header. This flaw allows unauthorized users to access restricted areas, exposing the website to potential threats. It is critical for users of the WP-Ban plugin to update to the latest version to safeguard against this vulnerability.
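The general weakness class behind this kind of bypass, shown as an added example that is not WP-Ban's own code: a ban check keyed on a client-supplied header, next to a resolver that honours X-Forwarded-For only when the TCP peer is a known reverse proxy. All function names, the trusted-proxy list and the sample addresses are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not taken from the plugin. Names and data are hypothetical.

// Weak pattern: the address used for the ban check comes from a request header.
function client_ip_untrusted_header(array $server): string {
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    return $server['REMOTE_ADDR'];
}

// Hardened pattern: start from the TCP peer address. Read X-Forwarded-For only
// when the peer is a trusted proxy, then walk the chain right to left and take
// the first hop that is not itself a trusted proxy.
function client_ip_trusted_proxies(array $server, array $trustedProxies): string {
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed chain: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer; // every hop was a trusted proxy
}

function is_banned(string $ip, array $banList): bool {
    return in_array($ip, $banList, true);
}

// Constructed sample data (documentation address ranges).
$banList = ['203.0.113.7'];
$trusted = ['192.0.2.10'];
$requests = [
    'direct, header set by client' =>
        ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.99'],
    'via trusted proxy' =>
        ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.99, 203.0.113.7'],
];

foreach ($requests as $label => $server) {
    $weak = is_banned(client_ip_untrusted_header($server), $banList);
    $hard = is_banned(client_ip_trusted_proxies($server, $trusted), $banList);
    printf("%-30s weak=%s hardened=%s\n", $label, var_export($weak, true), var_export($hard, true));
}
```

The hardened resolver assumes the trusted proxy appends the peer address it saw to the header, which is the usual reverse-proxy behaviour; the trusted list must contain only proxies you operate.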
References
Timeline
Vulnerability published
Vulnerability Reserved