WordPress Plugin Vulnerabilities

IP Blocker Lite <= 11.1.1 - IP Spoofing

Description

The LionScripts: IP Blocker Lite plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 11.1.1 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP Address and bypass blocklisting.

Affects Plugins

Plugin icon
ip-address-blocker
No known fix

References

CVE
CVE-2024-30479
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2598795e-ea66-4c73-8fcb-6a832f65de52

Classification

Type
SPOOFING
OWASP top 10
A5: Broken Access Control
CWE
CWE-290
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
4eff6ef3-3bc5-41c4-a2fd-baec9067b8a0

Timeline

Publicly Published
2024-03-28 (about 2 years ago)
Added
2024-04-03 (about 2 years ago)
Last Updated
2024-04-03 (about 2 years ago)

Other

Published
Title
Published
2023-09-25
Title
User Activity Log Pro < 2.3.4 - IP Spoofing
Published
2023-12-01
Title
Coming soon and Maintenance mode < 3.7.4 - IP Address Spoofing via get_real_ip
Published
2024-08-26
Title
Maintenance & Coming Soon Redirect Animation <= 2.3.3 - IP Spoofing to Bypass
Published
2023-09-01
Title
Activity Log < 2.8.8 - IP Spoofing
Published
2024-01-05
Title
Wp Ultimate Review < 2.3.7 - IP Spoofing