Vulnerabilities > Plugin Planet > Blackhole FOR BAD Bots

DATE CVE VULNERABILITY TITLE RISK
2022-04-04 CVE-2022-1165 Authorization Bypass Through User-Controlled Key vulnerability in Plugin-Planet Blackhole for BAD Bots
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed.
network
low complexity
plugin-planet CWE-639
6.4