Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing
Vulnerability Description
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search engine crawlers / bots. This could also be abused by competitors to cause damage related to visibility in search engines, can be used to bypass arbitrary blocks caused by this plugin, block any visitor or even the administrator and even more.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
WordPress plugin Blackhole for Bad Bots 安全漏洞
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Blackhole for Bad Bots 存在安全漏洞,该漏洞源于使用CF-CONNECTING-IP、CLIENT-IP等标头来确定命中Blackhole URL的请求的IP地址,从而允许对其进行欺骗。这可能会导致阻止任意IP地址,例如合法/良好的搜索引擎爬
CVSS Information
N/A
Vulnerability Type
N/A