WordPress Plugin Vulnerabilities

RSFirewall < 1.1.25 - IP Block Bypass

Description

RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented.
Although it is fixed on version 1.1.25, the fix will only affect new installations. We recommend existing users to review the HTTP headers set for proper IP identification.

Proof of Concept

Affects Plugins

Plugin icon
rsfirewall
Fixed in 1.1.25

References

CVE
CVE-2021-4226

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
c0ed80c8-ebbf-4ed9-b02f-31660097c352

Timeline

Publicly Published
2022-04-13 (about 3 years ago)
Added
2022-04-13 (about 3 years ago)
Last Updated
2022-04-18 (about 3 years ago)

Other

Published
Title
Published
2015-04-05
Title
WordPress Video Gallery <= 2.8 - Unprotected Mail Page
Published
2020-05-06
Title
Elementor < 2.9.8 - SVG Sanitizer Bypass leading to Authenticated Stored XSS
Published
2022-11-09
Title
Better Messages < 1.9.10.71 - Subscriber+ Messaging Block Bypass
Published
2016-03-03
Title
Antioch Theme - Arbitrary File Download
Published
2019-05-19
Title
Option Tree < 2.7.3 - Object Injection Bypass