Lucene search

K
cve[email protected]CVE-2022-1762
HistoryJun 13, 2022 - 1:15 p.m.

CVE-2022-1762

2022-06-1313:15:12
web.nvd.nist.gov
44
3
cve-2022-1762
iq block country
wordpress plugin
security vulnerability
http header
spoofing
threat actors
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

33.9%

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it’s block feature by spoofing the headers.

Affected configurations

Vulners
NVD
Node
webenceiq_block_countryRange<1.2.20
VendorProductVersionCPE
webenceiq_block_country*cpe:2.3:a:webence:iq_block_country:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "iQ Block Country",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.20"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

33.9%