Aggregates CVE and security vulnerability intelligence across all webence-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk file inclusion and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-41155 | Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. | [email protected] | 5.3 | 0.57% | 2022-11-19 | 2025-02-20 |
| CVE-2022-1762 | The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. | [email protected] | 7.5 | 0.23% | 2022-06-13 | 2024-11-21 |
| CVE-2022-0246 | The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior le | [email protected] | 4.9 | 0.29% | 2022-04-11 | 2024-11-21 |
| CVE-2021-36873 | Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage. | [email protected] | 5.5 | 1.82% | 2021-09-23 | 2024-11-21 |