CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41155 – WordPress iQ Block Country plugin <= 1.2.18 - Block BYPASS vulnerability
https://notcve.org/view.php?id=CVE-2022-41155
26 Sep 2022 — Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. Vulnerabilidad de bloqueo del BYPASS en el complemento iQ Block Country en versiones <= 1.2.18 en WordPress. The iQ Block Country plugin for WordPress is vulnerable to Country Blocking Bypass in versions up to, and including, 1.2.18. This is due to the improperly implemented login page verification check in the iqblockcountry_is_login_page function. This makes it possible for unauthenticated attackers to bypass the country bloc... • https://patchstack.com/database/vulnerability/iq-block-country/wordpress-iq-block-country-plugin-1-2-18-block-bypass-vulnerability?_s_id=cve • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1762 – iQ Block Country < 1.2.20 - Protection Bypass due to IP Spoofing
https://notcve.org/view.php?id=CVE-2022-1762
17 May 2022 — The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. El plugin iQ Block Country de WordPress versiones hasta 1.2.13, no comprueba correctamente los encabezados HTTP para comprobar la dirección IP de origen, lo que permite a actores de amenazas omitir su función de bloqueo al suplantar los encabezados The iQ Block Country WordPress plugin through 1.2.13... • https://wpscan.com/vulnerability/03254977-37cc-4365-979b-326f9637be85 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-0246 – iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip
https://notcve.org/view.php?id=CVE-2022-0246
16 Mar 2022 — The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. • https://packetstorm.news/files/id/166370 • CWE-73: External Control of File Name or Path •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36873 – WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36873
22 Sep 2021 — Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Persistente y Autenticado en el plugin iQ Block Country de WordPress (versiones anteriores a 1.2.11, incluyéndola). Parámetro vulnerable: &blockcountry_blockmessage • https://patchstack.com/database/vulnerability/iq-block-country-/wordpress-iq-block-country-plugin-1-2-11-authenticated-persistent-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •