Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key
Vulnerability Description
The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for unauthenticated attackers to bypass the geolocation blocking mechanism by appending the key to any URL on sites where the administrator has not changed the default value.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
不安全的默认资源初始化
Vulnerability Title
WordPress plugin Advanced Country Blocker 安全漏洞
Vulnerability Description
WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。checklist是使用在其中的一个用于将网页列表转换为清单文件的插件。req是一个使用 Black Magic 的简单 Go HTTP 客户端。Press是一个运行 Frappe Cloud 的 Frappe 自定义应用程序。 WordPress plugin Advanced Country Blocker 2.3.1及之前版本存在安全漏洞,该漏洞源于使用可预测的默认密钥且未要求用
CVSS Information
N/A
Vulnerability Type
N/A