WordPress IP spoofing vulnerabilities (10)
-
DOS through IP spoofing – (miniOrange <= 5.5.82)
The plugin is vulnerable to IP spoofing in every feature that keys on the visitor’s address, which an attacker can exploit to permanently ban search-engine crawlers, legitimate users, or the site’s reverse proxy.
-
DOS through IP spoofing – (Jetpack <= 11.3.1)
Jetpack’s login rate limiting is susceptible to IP spoofing, which an attacker can abuse to block legitimate users or the site’s reverse proxy from making requests to the wp-login.php endpoint.
-
WAF bypass through IP spoofing – (Jetpack <= 11.3.1)
Jetpack contains a currently NOT exploitable security flaw that would allow an attacker to bypass all WAF rules.
-
DOS through IP spoofing – (Zero Spam for WordPress <= 5.4.1)
An attacker can spoof their IP address while submitting spam comments so that arbitrary IPs, search-engine crawlers, or the site’s reverse proxy get banned.
-
DOS through IP spoofing – (Banhammer <= 2.9)
An attacker can use IP spoofing to ban legitimate users, search-engine crawlers, or a site’s reverse proxy. This becomes possible as soon as a site owner changes the default IP source of the plugin by using the “banhammer_ip_keys” filter.
-
Blocklist bypass through user agent spoofing – (Blackhole for Bad Bots <= 3.3.3)
A malicious bot that sets its User-Agent header to an entry in the plugin’s allowlist bypasses the plugin entirely.
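The fix for a User-Agent allowlist is to stop treating the header as proof of identity and verify a claimed crawler instead: reverse DNS on the connecting address must land in a domain the crawler operator publishes, and a forward lookup on that hostname must return the same address. The code below is an added example, not code from Blackhole for Bad Bots. The crawler table, the hostnames, the addresses (RFC 5737 documentation ranges) and the DNS answers are all constructed; the resolvers are injected so it runs offline, and PHP’s gethostbyaddr and gethostbynamel can be passed in for a live check.

```php
<?php
declare(strict_types=1);
// Added example, not the plugin's code. Verifies a crawler claim made in the
// User-Agent header by reverse DNS plus forward confirmation, instead of
// trusting the header itself. DNS data below is constructed for the demo.

// Example table (UA token => PTR suffixes the operator publishes). Confirm
// the suffixes against each operator's current documentation before use.
const CRAWLER_PTR_SUFFIXES = [
    'Googlebot' => ['.googlebot.com', '.google.com'],
    'bingbot'   => ['.search.msn.com'],
];

function verify_crawler(string $ip, string $ua, callable $reverse, callable $forward): bool
{
    foreach (CRAWLER_PTR_SUFFIXES as $token => $suffixes) {
        if (stripos($ua, $token) === false) {
            continue;                                   // UA does not claim this crawler
        }
        $host = $reverse($ip);
        if (!is_string($host) || $host === $ip) {
            return false;                               // no PTR record at all
        }
        $host = strtolower(rtrim($host, '.'));
        $suffix_ok = false;
        foreach ($suffixes as $suffix) {
            if (str_ends_with($host, $suffix)) {
                $suffix_ok = true;
                break;
            }
        }
        if (!$suffix_ok) {
            return false;                               // PTR points into a foreign domain
        }
        // Forward confirmation: whoever controls the attacker's IP space can
        // publish any PTR they like, but cannot make the operator's A records
        // resolve to their address.
        $addrs = $forward($host);
        return is_array($addrs) && in_array($ip, $addrs, true);
    }
    return false;                                       // UA claims no known crawler
}

// Constructed DNS data: one genuine crawler, one attacker who set a
// convincing PTR on their own address but cannot add the matching A record.
$ptr = [
    '192.0.2.50'   => 'crawl-192-0-2-50.googlebot.com',
    '198.51.100.7' => 'crawl-fake.googlebot.com',
];
$a = [
    'crawl-192-0-2-50.googlebot.com' => ['192.0.2.50'],
];
$reverse = fn(string $ip) => $ptr[$ip] ?? false;
$forward = fn(string $host) => $a[$host] ?? false;

$ua = 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)';
var_dump(verify_crawler('192.0.2.50',   $ua, $reverse, $forward));        // genuine crawler
var_dump(verify_crawler('198.51.100.7', $ua, $reverse, $forward));        // spoofed UA and PTR
var_dump(verify_crawler('192.0.2.50',   'curl/8.0', $reverse, $forward)); // no crawler claim
```

Only the first call verifies: the second fails at forward confirmation because the attacker’s hostname has no A record in the operator’s zone, and the third fails because the User-Agent claims no listed crawler. The DNS round trips make this too slow to run on every request, so cache verdicts per address and apply the check only when the User-Agent would otherwise earn an allowlist exemption.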
-
DOS through IP spoofing – (Blackhole for Bad Bots <= 3.3.3)
An attacker can use IP spoofing to ban legitimate users, search-engine crawlers, or a site’s reverse proxy. This becomes possible as soon as a site owner changes the default IP source of the plugin by using the “blackhole_ip_keys” filter.
-
DOS and allowlist bypass through IP spoofing – (SiteGround Security <= 1.3.0)
The plugin is vulnerable to IP spoofing, which an attacker can abuse to perform a DOS attack on the target site by preventing legitimate users or the site’s reverse proxy from making requests to the wp-login endpoint. Alternatively, an attacker can spoof their IP address to bypass all rate-limit restrictions.
-
DOS through IP spoofing – (SiteGuard <= 1.6.1)
An attacker can exploit an IP spoofing vulnerability in the plugin to ban arbitrary users or the site’s reverse proxies.
-
DOS through IP spoofing – (Loginizer <= 1.7.3)
An attacker can ban arbitrary IP addresses on the target site by spoofing HTTP headers. This can be exploited to ban search-engine crawlers, the site’s reverse proxy, or legitimate users.
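Every DOS entry on this page is the same bug: the plugin builds its notion of the visitor’s IP from request headers such as X-Forwarded-For, X-Real-IP or Client-IP, which any client can set freely, and then bans that address. Naming the reverse proxy’s address in the header gets the proxy banned; naming a crawler’s address gets the crawler banned. The code below is an added example and is not taken from any plugin listed above. It places the vulnerable resolver next to a hardened one that only honours forwarding headers when the TCP peer is a configured trusted proxy, and walks the X-Forwarded-For chain from the right. The request arrays, the function names and the addresses (RFC 5737 documentation ranges standing in for a proxy, an attacker and a crawler) are all constructed.

```php
<?php
declare(strict_types=1);
// Added example, not code from any plugin on this page. Request data below
// is constructed; 203.0.113.10 stands for the site's reverse proxy,
// 198.51.100.7 for the attacker and 192.0.2.50 for a legitimate crawler.

// VULNERABLE: the pattern behind the DOS entries above. Every header
// consulted here is written by the client, so the "client IP" is whatever
// the attacker chooses to send.
function client_ip_vulnerable(array $server): string
{
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_X_FORWARDED_FOR'] as $key) {
        if (!empty($server[$key])) {
            // X-Forwarded-For is "client, proxy1, proxy2, ..."; the leftmost
            // entry is the one the client itself supplied.
            return trim(explode(',', $server[$key])[0]);
        }
    }
    return $server['REMOTE_ADDR'];
}

// HARDENED: ignore forwarding headers unless the TCP peer is one of the
// site's own proxies, then return the rightmost hop that is not a trusted
// proxy, i.e. the address the trusted edge actually saw connecting.
// Matching is by exact address; a real deployment would match CIDR ranges.
function client_ip_hardened(array $server, array $trusted_proxies): string
{
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trusted_proxies, true)) {
        return $peer;                       // direct connection: headers mean nothing
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    $hops = array_filter($hops, fn(string $h): bool => filter_var($h, FILTER_VALIDATE_IP) !== false);
    foreach (array_reverse($hops) as $hop) {
        if (!in_array($hop, $trusted_proxies, true)) {
            return $hop;                    // first untrusted hop from the right
        }
    }
    return $peer;                           // header absent or every hop trusted
}

$proxy    = '203.0.113.10';
$attacker = '198.51.100.7';
$crawler  = '192.0.2.50';
$trusted  = [$proxy];

// Scenario 1: the attacker reaches the origin directly, bypassing the proxy,
// and names the proxy in X-Forwarded-For so that the proxy gets banned.
$direct = [
    'REMOTE_ADDR'          => $attacker,
    'HTTP_X_FORWARDED_FOR' => $proxy,
];

// Scenario 2: the attacker goes through the proxy, which appends the real
// client address to the header the attacker sent, so the crawler's address
// is now the leftmost entry.
$via_proxy = [
    'REMOTE_ADDR'          => $proxy,
    'HTTP_X_FORWARDED_FOR' => "$crawler, $attacker",
];

// Whatever the resolver returns is the address a plugin would write to its
// ban list after the attacker triggers enough failed logins or spam.
printf("vulnerable, direct    -> bans %s\n", client_ip_vulnerable($direct));
printf("vulnerable, via proxy -> bans %s\n", client_ip_vulnerable($via_proxy));
printf("hardened,   direct    -> bans %s\n", client_ip_hardened($direct, $trusted));
printf("hardened,   via proxy -> bans %s\n", client_ip_hardened($via_proxy, $trusted));
```

The vulnerable resolver bans the proxy in the first scenario and the crawler in the second; the hardened one returns the attacker’s own address in both. This is also why the Banhammer and Blackhole entries above become exploitable only once the “banhammer_ip_keys” or “blackhole_ip_keys” filter is used to add a forwarding header: adding the header is only safe when the origin accepts connections solely from proxies that overwrite it, and the resolver checks REMOTE_ADDR against that proxy list before reading it.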