The RSFirewall! plugin for WordPress is not secure in versions 1.1.24 or earlier. An attacker can use a technique called IP Address Spoofing to get around blocks and access areas they should not be allowed to. This is because the plugin does not properly check the IP address of the person trying to access the service.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
