WordPress Plugin Vulnerabilities

SecuPress < 2.0 - Unauthenticated Arbitrary IP Ban

Description

The SecuPress WordPress plugin, both free and pro, versions less than 2.0, were affected by a flaw that allowed unauthenticated users to ban any IP on a site that had the plugin installed, making it impossible for them to visit the site. Effectively causing a Denial of Service (DoS) to the banned IP.

Affects Plugins

Plugin icon
secupress
Fixed in 2.0
Plugin icon
secupress-pro
Fixed in 2.0

References

URL
https://secupress.me/blog/secupress-v2-0/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
1c58a844-edcd-47fe-849a-cbabfbb45476

Timeline

Publicly Published
2021-03-23 (about 4 years ago)
Added
2021-03-30 (about 4 years ago)
Last Updated
2021-03-31 (about 4 years ago)

Other

Published
Title
Published
2024-03-25
Title
Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
Published
2024-02-16
Title
Paid Memberships Pro < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure
Published
2021-09-20
Title
Multiple WooCommerce Add-Ons - Low Priv Arbitrary Blog Options Update/Access/Deletion & Plugin's Settings Update/Export/Import
Published
2022-08-01
Title
Duplicator < 1.4.7 - Unauthenticated Backup Download
Published
2020-09-05
Title
NextScripts: Social Networks Auto-Poster < 4.3.18 - Insufficient Privilege Validation