Date published: 2014-10-24T20:55:03.867-04:00
Date last modified: 2014-10-27T10:58:22.027-04:00
CVSS Score: 4.3
Principal attack vector: NETWORK
Reference URL: http://seclists.org/fulldisclosure/2014/Sep/60
Summary: WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.