Vulnerabilities > Plugin Planet > Blackhole FOR BAD Bots > 1.7

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-04	CVE-2022-1165	Authorization Bypass Through User-Controlled Key vulnerability in Plugin-Planet Blackhole for BAD Bots The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. network low complexity plugin-planet CWE-639	6.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.