CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43462 – WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to SQL Injection (SQLi) vulnerability
https://notcve.org/view.php?id=CVE-2022-43462
24 Oct 2022 — Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. Vulnerabilidad de inyección SQL (SQLi) autenticada en el complemento IP Blacklist Cloud de Adeel Ahmed <= versiones 5.00. The IP Blacklist Cloud plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.00 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,... • https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42462 – WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-42462
24 Oct 2022 — Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. Vulnerabilidad de Cross-Site Scripting (XSS) autenticada almacenada en el complemento IP Blacklist Cloud de Adeel Ahmed <= versiones 5.00. The IP Blacklist Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administra... • https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10105 – IP Blacklist Cloud Plugin CSV File Import ip_blacklist_cloud.php valid_js_identifier path traversal
https://notcve.org/view.php?id=CVE-2015-10105
07 Mar 2015 — A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. • https://github.com/wp-plugins/ip-blacklist-cloud/commit/6e6fe8c6fda7cbc252eef083105e08d759c07312 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •