CVE-2022-4260
- EPSS 2.51%
- Published 02.01.2023 22:15:16
- Last modified 10.04.2025 19:15:52
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f...
CVE-2022-4631
- EPSS 0.08%
- Published 21.12.2022 19:15:15
- Last modified 21.11.2024 07:35:37
A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patc...
CVE-2021-4252
- EPSS 0.08%
- Published 18.12.2022 22:15:10
- Last modified 21.11.2024 06:37:14
A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER["HTTP_USER_AGENT"] leads to cross site scripting. T...
CVE-2014-6230
- EPSS 0.25%
- Published 25.10.2014 00:55:03
- Last modified 12.04.2025 10:46:40
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.