Wp-Ban Project Wp-Ban vulnerabilities
3 known vulnerabilities affecting wp-ban_project/wp-ban.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-4260P4MEDIUMCVSS 4.8PoCfixed in 1.69.12023-01-02
CVE-2022-4260 [MEDIUM] CWE-79 CVE-2022-4260: The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which c
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
nvd
CVE-2021-4252P4MEDIUMCVSS 6.1fixed in 2021-11-242022-12-18
CVE-2021-4252 [MEDIUM] CWE-707 CVE-2021-4252: A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects t
A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER["HTTP_USER_AGENT"] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76.
nvd
CVE-2014-6230P4MEDIUMCVSS 4.3≤ 1.6.32014-10-25
CVE-2014-6230 [MEDIUM] CWE-20 CVE-2014-6230: WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote atta
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.
nvd