Aa Block Country
Approved changes feed: RSS · Atom
cpe:2.3:a:aaextensions:aa_block_country:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aaextensions (0314b701-2fed-557b-83ef-b72ae1a41e24) |
|---|---|
| Product | Aa Block Country (bd238794-fafa-5385-b73e-dea4be767997) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-13694 |
vulnerable | 2026-06-03 14:58:53.437040 |
AA Block country <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header
MEDIUM (5.3)
The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTP_X_FORWARDED_FOR to determine the client's IP address without proper validation or considering if the server is behind a trusted proxy. This makes it possible for unauthenticated attackers to bypass IP-based access restrictions by spoofing their IP address via the X-Forwarded-For header.
Published: 2026-01-07T09:20:51.402Z
Updated: 2026-04-08T16:32:55.677Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.