ThreatPress

WordPress Vulnerabilities Database

Back

WordPress IP Address Blocker plugin <= 10.3 - Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability

Product
IP Blocker Lite
Description
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability found in WordPress IP Address Blocker plugin (versions <= 10.3).
Solution
Update the WordPress IP Address Blocker plugin to the latest available version (at least 10.5).
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 10.3
Fixed In 10.5
Disclosure date
2019-06-19
Submitter
ThreatPress