2 matches found
CVE-2020-13485
The Knock Knock plugin for Craft CMS is affected up to version 1.2.7 (pre-1.2.8). The root cause is a flawed IP whitelisting mechanism that trusts the X-Forwarded-For header, allowing an attacker to bypass IP-based access controls. Impact: potential unauthorized access due to bypassed whitelist; ...
CVE-2020-13486
CVE-2020-13486 affects the Knock Knock plugin for Craft CMS (versions before 1.2.8). The root cause is an open redirection vulnerability arising from insufficient validation of redirect parameters, as documented by multiple sources in the connected records. The impact is malicious redirection; ex...