Filtered by vendor Wp-ban Project Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-4631 1 Wp-ban Project 1 Wp-ban 2024-11-21 3.5 Low
A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 22b925449c84faa9b7496abe4f8f5661cb5eb3bf. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216480.
CVE-2022-4260 1 Wp-ban Project 1 Wp-ban 2024-11-21 4.8 Medium
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2021-4252 1 Wp-ban Project 1 Wp-ban 2024-11-21 3.5 Low
A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER["HTTP_USER_AGENT"] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76. It is recommended to apply a patch to fix this issue. The identifier VDB-216209 was assigned to this vulnerability.
CVE-2014-6230 1 Wp-ban Project 1 Wp-ban 2024-11-21 N/A
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.