VYPR

Aa Block Country

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-13694MedJan 7, 2026
    risk 0.34cvss 5.3epss 0.00

    The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTP_X_FORWARDED_FOR to determine the client's IP address without proper validation or…

  • CVE-2022-1762Jun 13, 2022
    risk 0.00cvss epss 0.01

    The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.