Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced IP Blocker: from n/a through <= 8.10.7.
Published: 2026-05-27
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Advanced IP Blocker plugin for WordPress contains an improper neutralization of input during web page generation that enables DOM‑based XSS. Malicious JavaScript injected through unescaped user input runs in the victim’s browser, potentially stealing session cookies, hijacking accounts, defacing the site, or installing client‑side malware. This weakness is a classic CWE‑79 type of vulnerability.

Affected Systems

The vulnerability affects the IniLerm Advanced IP Blocker plugin, version 8.10.7 and any earlier releases that have not yet been patched. Administrators of WordPress sites that have not upgraded past 8.10.7 are at risk.

Risk and Exploitability

The CVSS score of 7.1 indicates a high impact rating; the EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is remote, as the attacker can embed malicious payloads via crafted URLs or form submissions that the plugin fails to sanitize. If an attacker can lure a user to a page containing the vulnerable input, they can execute arbitrary code in the user’s browser. While no active exploits are documented on KEV, the combination of high CVSS and remote operation warrants immediate attention.

Generated by OpenCVE AI on May 27, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Advanced IP Blocker plugin to a newer version that includes the vendor fix.
  • If an upgrade is not immediately possible, disable or remove the Advanced IP Blocker plugin to prevent exposure to the XSS vulnerability.
  • Implement WAF rules or a browser‑side content security policy to block reflected malicious scripts targeting the plugin’s input handling.

Generated by OpenCVE AI on May 27, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced IP Blocker: from n/a through <= 8.10.7.
Title WordPress Advanced IP Blocker plugin <= 8.10.7 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-27T10:51:42.839Z

Reserved: 2026-04-29T09:05:30.886Z

Link: CVE-2026-42739

cve-icon Vulnrichment

Updated: 2026-05-27T10:51:37.649Z

cve-icon NVD

Status : Received

Published: 2026-05-27T11:16:20.583

Modified: 2026-05-27T11:16:20.583

Link: CVE-2026-42739

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T12:30:25Z

Weaknesses