CVE-2014-6230

wp-ban < 1.6.3 - Unauthenticated IP Blacklist Bypass via X-Forwarded-For Header

Title source: llm
STIX 2.1

Description

WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

Scores

EPSS 0.0244
EPSS Percentile 82.4%

Details

CWE
CWE-20
Status published
Products (1)
wp-ban_project/wp-ban < 1.6.3
Published Oct 25, 2014
Tracked Since Feb 18, 2026