CVE-2022-1762

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
webenceiq_block_country
𝑥
≤ 1.2.13
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/03254977-37cc-4365-979b-326f9637be85
https://wpscan.com/vulnerability/03254977-37cc-4365-979b-326f9637be85