汇总 webence 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 跨站脚本与文件包含 等问题,部分漏洞可能导致 文件覆盖,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2022-41155 | Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. | [email protected] | 5.3 | 0.66% | 2022-11-18 | 2026-06-17 |
| CVE-2022-1762 | The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. | [email protected] | 7.5 | 1.16% | 2022-06-13 | 2026-06-17 |
| CVE-2022-0246 | The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior le | [email protected] | 4.9 | 3.31% | 2022-04-11 | 2026-06-17 |
| CVE-2021-36873 | Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage. | [email protected] | 5.5 | 1.19% | 2021-09-23 | 2026-06-16 |