← back
CVE-2024-1860

Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist

CVSS 6.5 MEDIUMEPSS 0.4%CWE-862
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
sminozzi · Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040434%40antihacker&new=3040434%40antihacker&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/3d365284-73ac-4730-a83d-9202677cf161?source=cve