3 matches found
CVE-2022-1165
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search...
CVE-2022-1165
The CVE-2022-1165 issue affects the WordPress plugin “Blackhole for Bad Bots” prior to version 3.3.2. The vulnerability arises because the plugin uses HTTP headers (e.g., CF-CONNECTING-IP, CLIENT-IP) to determine the requester’s IP, which can be spoofed, enabling arbitrary IP blocking or unblocki...
CVE-2022-1165 Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search...