WordPress IP Blocker Lite Plugin <= 11.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Security Issue), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
CSRF vulnerability in LionScripts IP Blocker Lite plugin up to version 11.1.1 allows attackers to perform unauthorized actions on behalf of authenticated users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the LionScripts IP Blocker Lite plugin for WordPress, affecting versions up to and including 11.1.1. The plugin lacks proper CSRF protection on certain actions, allowing attackers to trick authenticated users into performing unintended operations.
Exploitation
An attacker can craft a malicious web page or email that, when visited by an authenticated WordPress administrator, triggers a forged request to the plugin’s endpoints. No special authentication or network position is required beyond the ability to serve content to the victim or entice them to click a link.
Impact
Successful exploitation enables an attacker to perform actions on the WordPress site within the context of the victim’s session, such as modifying IP block rules, disabling security configurations, or adding/removing blocked addresses. This could lead to reduced site security and potential exposure of administrative functionality to unauthorized parties.
Mitigation
The plugin has been closed and removed from the WordPress.org plugin directory as of July 27, 2023, due to a security issue [1]. No patched version is available through official channels. Users should immediately uninstall the plugin and consider alternative security solutions.
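To find installations that still carry the plugin, the following added example (not code from the plugin, its vendor or this database) walks a directory tree for the `ip-address-blocker` slug named on this page and reads each copy's `Version:` header. It assumes the plugin sits in `wp-content/plugins/` under that slug; the function names and the sample tree are constructed for the example.

```python
import re, sys, tempfile
from pathlib import Path

SLUG = "ip-address-blocker"   # plugin slug as shown on this page
LAST_AFFECTED = (11, 1, 1)    # affected range on this page: <= 11.1.1
# Approximates WordPress's header matching (an assumption of this example).
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def read_version(plugin_dir):
    """Version header of the plugin's main file, or None if none is found."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # WordPress reads only the first 8 KiB of a file for headers.
        head = php.read_bytes()[:8192].decode("utf-8", "replace").replace("\r", "\n")
        fields = {}
        for key, value in HEADER.findall(head):
            fields.setdefault(key.lower(), value)   # first occurrence wins
        if "plugin name" in fields:
            return fields.get("version")
    return None

def classify(version):
    """Place a version string relative to the range this page lists."""
    if not version or not re.fullmatch(r"\d+(\.\d+)*", version):
        return "installed, version unreadable"
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:        # treat 11.1.1.0 as 11.1.1
        parts.pop()
    if tuple(parts) <= LAST_AFFECTED:
        return "affected (<= 11.1.1)"
    return "installed, outside listed range"

def scan(root):
    """Return [(plugin_dir, version, verdict)] for every copy of SLUG under root."""
    dirs = sorted(Path(root).rglob(f"wp-content/plugins/{SLUG}"))
    found = [(d, read_version(d)) for d in dirs if d.is_dir()]
    return [(str(d), v, classify(v)) for d, v in found]

def make_constructed_sample(root, version="11.1.1"):
    """Write a constructed plugin directory (not the real plugin's files)."""
    d = Path(root) / "site-a" / "wp-content" / "plugins" / SLUG
    d.mkdir(parents=True)
    (d / "main.php").write_text(
        f"<?php\n/*\n * Plugin Name: Constructed Sample\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else make_constructed_sample(tempfile.mkdtemp())
    for hit in scan(root):
        print(*hit, sep="\t")
```

Any hit calls for uninstalling the plugin whatever the verdict, since no patched version is distributed through the official directory.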
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=11.1.1
- (no CPE) range: n/a
Patches
ip-address-blocker: This plugin has been removed from the WordPress.org directory on 2023-07-27 (reason: Security Issue). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.
Source: api.wordpress.org · directory page
References: 1