ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Ban Plugin <= 1.6.3 - BYPASS

Product
WP Ban
Description
Because of this vulnerability, the attackers can bypass the IP blacklist via a crafted X-Forwarded-For header.
Solution
Update the plugin.
Classification
Type BYPASS
References
CVE Mitre
CVE
Name CVE-2014-6230
Versions
Affected In <= 1.6.3
Fixed In 1.6.4
Disclosure date
2014-09-04
Credits
Tom Adams