{"containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-01-16T15:52:20.316Z"}, "title": "iQ Block Country < 1.2.20 - Protection Bypass due to IP Spoofing", "problemTypes": [{"descriptions": [{"description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "iQ Block Country", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "1.2.20"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers."}], "references": [{"url": "https://wpscan.com/vulnerability/03254977-37cc-4365-979b-326f9637be85", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Daniel Ruf", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1762", "datePublished": "2022-06-13T12:42:39", "dateReserved": "2022-05-17T00:00:00", "dateUpdated": "2024-01-16T15:52:20.316Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webence:iq_block_country:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9776C912-C584-4FCB-8346-806A51533C84", "versionEndIncluding": "1.2.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers."}, {"lang": "es", "value": "El plugin iQ Block Country de WordPress versiones hasta 1.2.13, no comprueba correctamente los encabezados HTTP para comprobar la direcci\u00f3n IP de origen, lo que permite a actores de amenazas omitir su funci\u00f3n de bloqueo al suplantar los encabezados"}], "id": "CVE-2022-1762", "lastModified": "2023-11-07T03:42:10.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-13T13:15:12.210", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/03254977-37cc-4365-979b-326f9637be85"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}

{}