CVE-2014-6230
wp-ban < 1.6.3 - Unauthenticated IP Blacklist Bypass via X-Forwarded-For Header
Title source: llmDescription
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://wordpress.org/plugins/wp-ban/changelog/
Exploit x_refsource_misc
https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Sep/60
Scores
EPSS
0.0244
EPSS Percentile
82.4%
Details
CWE
CWE-20
Status
published
Products (1)
wp-ban_project/wp-ban
< 1.6.3
Published
Oct 25, 2014
Tracked Since
Feb 18, 2026