CVE-2022-1762
published 2022-06-13

Priority: P3 39
CVSS 3.1: 7.5 high (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS: 1.19% (64.1th percentile)

The iQ Block Country WordPress plugin before 1.2.20 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_exchange_server_2016_cumulative_update_22 | | |
| msrc | microsoft_exchange_server_2016_cumulative_update_23 | | |
| msrc | microsoft_exchange_server_2019_cumulative_update_11 | | |
| msrc | microsoft_exchange_server_2019_cumulative_update_12 | | |
| webence | iq_block_country | <= 1.2.13 | |

CVSS provenance

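| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_msrc | | 5.3 | MEDIUM | |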