WordPress Plugin Vulnerabilities

WP Maintenance < 6.1.4 - IP Restriction Bypass

Description

The WP Maintenance plugin for WordPress is vulnerable to IP Address Restriction Bypass in versions up to, and including, 6.1.3. This can be used to bypass settings that may have blocked out an IP address from accessing a page on the site.

Affects Plugins

Plugin icon
wp-maintenance
Fixed in 6.1.4

References

CVE
CVE-2023-47769
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/87a1cc00-330c-40c3-a174-8ea50075c4bd

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
0f572158-37b7-41d7-b3ae-477c0cf51c26

Timeline

Publicly Published
2023-11-14 (about 2 years ago)
Added
2023-11-24 (about 2 years ago)
Last Updated
2023-11-24 (about 2 years ago)

Other

Published
Title
Published
2018-10-22
Title
Download WP-DBManager <= 2.79.1 - Arbitrary File Delete
Published
2023-06-29
Title
Web3 – Crypto wallet Login & NFT token gating < 2.7.0 - Authentication Bypass
Published
2014-08-01
Title
Image News Slider 3.3 - Unspecified Vulnerabilities
Published
2014-08-01
Title
CSS Plus 1.3.1 - Unspecified Vulnerabilities
Published
2018-01-27
Title
Enfold Theme < 4.2.1 - Rewrite Portfolio Permalink Structure & Information Disclosure