CVE-2022-1762
HIGHCVSS 7.5/10EPSS 1.16%
Last modified
CVE-2022-1762 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.. EPSS estimates a 1.16% chance of exploitation in the next 30 days.
Description
The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Webence | Iq Block Country | <= 1.2.13 |
References
- https://wpscan.com/vulnerability/03254977-37cc-4365-979b-326f9637be85Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/03254977-37cc-4365-979b-326f9637be85Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-1762?
The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.
How severe is CVE-2022-1762?
CVE-2022-1762 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.16% probability of exploitation in the next 30 days.
How do I fix CVE-2022-1762?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2022-1762?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST