| |
Vulnerability CVE-2022-1762
Published: 2022-06-13
| Description: |
The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. |
Type:
CWE-639 (Authorization Bypass Through User-Controlled Key)
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
https://wpscan.com/vulnerability/03254977-37cc-4365-979b-326f9637be85
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
