CVE-2014-6230 - Vulnerability Details - OpenCVE

WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wp-ban Project	Wp-ban

Configuration 1 [-]

cpe:2.3:a:wp-ban_project:wp-ban:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2014/Sep/60
https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/
https://wordpress.org/plugins/wp-ban/changelog/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-10-25T00:00:00

Updated: 2024-08-06T12:10:13.300Z

Reserved: 2014-09-04T00:00:00

Link: CVE-2014-6230

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-10-25T00:55:03.867

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-6230

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-17T00:00:00", "descriptions": [{"lang": "en", "value": "WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-10-24T23:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/plugins/wp-ban/changelog/"}, {"tags": ["x_refsource_MISC"], "url": "https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/"}, {"name": "20140917 Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations (WordPress plugin)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Sep/60"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6230", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/plugins/wp-ban/changelog/", "refsource": "CONFIRM", "url": "https://wordpress.org/plugins/wp-ban/changelog/"}, {"name": "https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/", "refsource": "MISC", "url": "https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/"}, {"name": "20140917 Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations (WordPress plugin)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Sep/60"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:10:13.300Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/plugins/wp-ban/changelog/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/"}, {"name": "20140917 Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations (WordPress plugin)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Sep/60"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6230", "datePublished": "2014-10-25T00:00:00", "dateReserved": "2014-09-04T00:00:00", "dateUpdated": "2024-08-06T12:10:13.300Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wp-ban_project:wp-ban:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9CEF45AE-9FE4-4F1C-8502-7E95FFDBA533", "versionEndIncluding": "1.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header."}, {"lang": "es", "value": "El plugin WP-Ban anterior a 1.6.4 para WordPress, cuando funciona en ciertas configuraciones, permite a atacantes remotos evadir la lista negra del IP a trav\u00e9s de una cabecera X-Forwarded-For manipulada."}], "id": "CVE-2014-6230", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-25T00:55:03.867", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Sep/60"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wordpress.org/plugins/wp-ban/changelog/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Sep/60"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wordpress.org/plugins/wp-ban/changelog/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}