CVE-2026-1675 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predicta…
Medium CVSS: 5.3

CVE-2026-1675

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for unauthenticated attackers to bypass the geolocation blocking mechanism by appending the key to any URL on sites where the administrator has not changed the default value.
Vendor
-
Product
-
CWE
CWE-1188
Yayın Tarihi
2026-02-07 09:16:01
Güncelleme
2026-02-09 16:08:35
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-1188 MEDIUM 2026

Referanslar

https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L278 https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L336 https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L420 https://www.wordfence.com/threat-intel/vulnerabilities/id/30747988-83f9-41f9-9bc5-1f533bc4cb94?source=cve