WordPress Login Block IPs plugin <= 1.0.0 - Arbitrary Setting Update via Cross-Site Request Forgery (CSRF) vulnerability

2022-09-0500:00:00

Daniel Ruf

patchstack.com

wordpress

arbitrary setting update

cross-site request forgery (csrf)

EPSS

0.001

Percentile

25.9%

JSON

Arbitrary Setting Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Login Block IPs plugin (versions <= 1.0.0).

Solution

Deactivate and delete. This plugin has been closed as of September 5, 2022 and is not available for download. This closure is temporary, pending a full review.