CVE-2022-1762
Published 2022-06-13
CVE-2022-1762: The iQ Block Country WordPress plugin before 1.2.20 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to…
Priority: P339 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.19% (64.1th percentile)
The iQ Block Country WordPress plugin before 1.2.20 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_exchange_server_2016_cumulative_update_22 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_23 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_11 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_12 | — | — |
| webence | iq_block_country | <= 1.2.13 | — |
CVSS provenance
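| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_msrc | | 5.3 | MEDIUM | |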
GHSA
GHSA-78xv-3xpm-3hcq: The iQ Block Country WordPress plugin through 1
ghsa_unreviewed·2022-06-14
CVE-2022-1762 [HIGH] CWE-290 GHSA-78xv-3xpm-3hcq: The iQ Block Country WordPress plugin through 1
The iQ Block Country WordPress plugin through 1.2.13 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers.
Microsoft
Microsoft Exchange Server Information Disclosure Vulnerability
vendor_msrc·2022-08-09·CVSS 5.3
CVE-2022-34692 [MEDIUM] Microsoft Exchange Server Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited the vulnerability could read targeted email messages.
Microsoft Exchange Server: Microsoft Exchange Server
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://www.microsoft.com/download/details.aspx?familyid=2961d7a6-c089-4fe6-8c4c-c100878950b8
Reference: https://www.microsoft.com/download/details.aspx?familyid=1d34be10-1762-44dd-ad87-510441e3798f
Reference: https://www.microsoft.com/download/details.aspx?fam
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-06-13