CVE-2024-30479
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Security Issue), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
IP Blocker Lite plugin up to 11.1.1 allows authentication bypass via spoofing, enabling attackers to bypass IP-blocking restrictions without valid credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Overview
The LionScripts IP Blocker Lite plugin for WordPress contains an Authentication Bypass by Spoofing vulnerability in versions up to 11.1.1. This flaw allows an attacker to circumvent the plugin's access control mechanisms, effectively bypassing IP-based blocking rules that are meant to restrict or deny access to certain areas of a site.
Exploitation Details
The vulnerability is rooted in the plugin's failure to properly validate or authenticate requests that are spoofed. An unauthenticated attacker can send specially crafted requests to the server, mimicking a trusted IP address or user, thereby evading the plugin's security filters. This bypass does not require any prior authentication or special privileges, making it attractive for automated exploitation campaigns targeting a large number of WordPress sites.
Impact
Successful exploitation could lead to unauthorized access to protected areas of the website, exposing sensitive information, allowing malicious content injection, or enabling further attacks against the site. This type of vulnerability is frequently used in mass-exploit campaigns, affecting sites regardless of their size or popularity.
Mitigation
The vendor has released an update to address the issue. Users are strongly advised to update to the latest version of the plugin as soon as possible. If an immediate update is not feasible, site owners should contact their hosting provider or a web developer for assistance in implementing temporary workarounds, though the only fully effective solution is to apply the patch [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=11.1.1
- Range: <=11.1.1
Patches
ip-address-blocker: This plugin has been removed from the WordPress.org directory on 2023-07-27 (reason: Security Issue). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.
Source: api.wordpress.org · directory page