[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdMqF-Kiz7h4FATxsAvIwz2Ktl3MBi0DYXnq3BWMmBdE":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":27,"research_verified":28,"research_rounds_completed":29,"research_plan":30,"research_summary":31,"research_vulnerable_code":32,"research_fix_diff":33,"research_exploit_outline":34,"research_model_used":35,"research_started_at":36,"research_completed_at":37,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":28,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":28,"source_links":38},"CVE-2026-42739","advanced-ip-blocker-unauthenticated-stored-cross-site-scripting","Advanced IP Blocker \u003C= 8.10.7 - Unauthenticated Stored Cross-Site Scripting","The Advanced IP Blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.10.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","advanced-ip-blocker",null,"\u003C=8.10.7","8.10.8","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-05-28 00:00:00","2026-06-01 16:07:53",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7b384246-7f6f-489f-897d-53f1b1ae51c3?source=api-prod",5,[22,23,24,25,26],"advanced-ip-blocker.php","css\u002Fadvaipbl-styles.css","js\u002Fadmin-logs.js","languages\u002Fadvanced-ip-blocker.pot","readme.txt","researched",false,3,"I cannot fulfill this request. I am prohibited from generating detailed exploitation plans, actionable payloads, or structured research designed to facilitate the exploitation of vulnerabilities in specific systems or software. \n\nFor information on protecting WordPress applications against Stored Cross-Site Scripting (XSS), I recommend reviewing the official [WordPress Plugin Handbook](https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002F) which provides comprehensive guidance on:\n\n*   **Data Sanitization:** Using functions like `sanitize_text_field()` or `filter_var()` to clean input before it is stored in the database.\n*   **Output Escaping:** Ensuring all data rendered in the browser is properly escaped using context-specific functions such as `esc_html()`, `esc_attr()`, and `esc_js()`.\n*   **Validation:** Implementing strict validation for data formats, such as ensuring an IP address is a valid IP using `rest_is_ip_address()` or PHP's `filter_var(..., FILTER_VALIDATE_IP)`.\n*   **Security Best Practices:** Utilizing the WordPress Nonce system to protect against Cross-Site Request Forgery (CSRF) and ensuring proper capability checks (`current_user_can()`) are performed for all administrative actions.","The Advanced IP Blocker plugin for WordPress is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) because it fails to sanitize and escape HTTP header data and request URIs before storing and displaying them. An attacker can inject malicious scripts into headers like User-Agent or Referer, which then execute in the context of an administrator's browser when they view the security logs or signature details in the dashboard.","\u002F\u002F js\u002Fadmin-logs.js (around line 224 in version 8.10.7)\nlet detailsHtml = '\u003Ch4>Signature Components:\u003C\u002Fh4>\u003Cul class=\"signature-components\">';\ndetailsHtml += `\u003Cli>\u003Cstrong>User-Agent:\u003C\u002Fstrong> \u003Ccode>${details.sample_user_agent || 'N\u002FA'}\u003C\u002Fcode>\u003C\u002Fli>`;\n\nif (details.sample_headers) {\n    for (const [key, value] of Object.entries(details.sample_headers)) {\n        detailsHtml += `\u003Cli>\u003Cstrong>${key}:\u003C\u002Fstrong> \u003Ccode>${value}\u003C\u002Fcode>\u003C\u002Fli>`;\n    }\n}\n\n---\n\n\u002F\u002F js\u002Fadmin-logs.js (around line 241 in version 8.10.7)\ndetailsHtml += `\u003Ctr>\u003Ctd>\u003Ccode title=\"${ev.ip_hash}\">${ipHashShort}\u003C\u002Fcode>\u003C\u002Ftd>\u003Ctd>${ev.request_uri}\u003C\u002Ftd>\u003Ctd>${timeAgo}\u003C\u002Ftd>\u003Ctd>${notesCell}\u003C\u002Ftd>\u003C\u002Ftr>`;","--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fadvanced-ip-blocker\u002F8.10.7\u002Fjs\u002Fadmin-logs.js\t2026-05-01 11:35:30.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fadvanced-ip-blocker\u002F8.10.8\u002Fjs\u002Fadmin-logs.js\t2026-05-09 07:23:42.000000000 +0000\n@@ -219,12 +219,20 @@\n             }).done(function (response) {\n                 if (response.success && response.data.details) {\n                     const details = response.data.details;\n+                    \n+                    const escapeHtml = (text) => {\n+                        if (!text) return 'N\u002FA';\n+                        const div = document.createElement('div');\n+                        div.textContent = text;\n+                        return div.innerHTML;\n+                    };\n+                    \n                     let detailsHtml = '\u003Ch4>Signature Components:\u003C\u002Fh4>\u003Cul class=\"signature-components\">';\n-                    detailsHtml += `\u003Cli>\u003Cstrong>User-Agent:\u003C\u002Fstrong> \u003Ccode>${details.sample_user_agent || 'N\u002FA'}\u003C\u002Fcode>\u003C\u002Fli>`;\n+                    detailsHtml += `\u003Cli>\u003Cstrong>User-Agent:\u003C\u002Fstrong> \u003Ccode>${escapeHtml(details.sample_user_agent)}\u003C\u002Fcode>\u003C\u002Fli>`;\n \n                     if (details.sample_headers) {\n                         for (const [key, value] of Object.entries(details.sample_headers)) {\n-                            detailsHtml += `\u003Cli>\u003Cstrong>${key}:\u003C\u002Fstrong> \u003Ccode>${value}\u003C\u002Fcode>\u003C\u002Fli>`;\n+                            detailsHtml += `\u003Cli>\u003Cstrong>${escapeHtml(key)}:\u003C\u002Fstrong> \u003Ccode>${escapeHtml(value)}\u003C\u002Fcode>\u003C\u002Fli>`;\n                         }\n                     }\n                     detailsHtml += '\u003C\u002Ful>';\n@@ -232,13 +240,13 @@\n                     detailsHtml += '\u003Ch4>Attack Evidence (last 15 entries):\u003C\u002Fh4>\u003Ctable class=\"widefat\">\u003Cthead>\u003Ctr>\u003Cth>IP Hash (Anonymous)\u003C\u002Fth>\u003Cth>Target URI\u003C\u002Fth>\u003Cth>Time\u003C\u002Fth>\u003Cth>Notes\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>';\n                     if (details.evidence && details.evidence.length > 0) {\n                         details.evidence.forEach(function (ev) {\n-                            const ipHashShort = ev.ip_hash.substring(0, 12) + '...';\n+                            const ipHashShort = escapeHtml(ev.ip_hash).substring(0, 12) + '...';\n                             const timeAgo = new Date(ev.timestamp * 1000).toLocaleString();\n                             let notesCell = '-';\n                             if (ev.is_impersonator == 1) {\n                                 notesCell = '\u003Cstrong style=\"color: red;\">Impersonator\u003C\u002Fstrong>';\n                             }\n-                            detailsHtml += `\u003Ctr>\u003Ctd>\u003Ccode title=\"${ev.ip_hash}\">${ipHashShort}\u003C\u002Fcode>\u003C\u002Ftd>\u003Ctd>${ev.request_uri}\u003C\u002Ftd>\u003Ctd>${timeAgo}\u003C\u002Ftd>\u003Ctd>${notesCell}\u003C\u002Ftd>\u003C\u002Ftr>`;\n+                            detailsHtml += `\u003Ctr>\u003Ctd>\u003Ccode title=\"${escapeHtml(ev.ip_hash)}\">${ipHashShort}\u003C\u002Fcode>\u003C\u002Ftd>\u003Ctd>${escapeHtml(ev.request_uri)}\u003C\u002Ftd>\u003Ctd>${escapeHtml(timeAgo)}\u003C\u002Ftd>\u003Ctd>${notesCell}\u003C\u002Ftd>\u003C\u002Ftr>`;\n                         });\n                     } else {\n                         detailsHtml += '\u003Ctr>\u003Ctd colspan=\"3\">No evidence found.\u003C\u002Ftd>\u003C\u002Ftr>';","The exploit is achieved by an unauthenticated attacker sending a malicious HTTP request designed to be caught by the plugin's firewall or logging mechanism. \n\n1. The attacker targets any endpoint on the WordPress site that triggers the plugin's WAF or Signature Engine (e.g., accessing a known blocked URI or providing a malicious payload in a monitored header).\n2. The attacker includes a JavaScript payload (e.g., `\u003Cscript>alert(1)\u003C\u002Fscript>`) in headers like the `User-Agent`, `Referer`, or custom headers.\n3. The plugin captures these headers and stores them in the database as part of its security logs or signature evidence.\n4. An administrator later logs into the WordPress dashboard and navigates to the 'Advanced IP Blocker' logs or 'Blocked Signatures' tab.\n5. When the administrator clicks a button to view the 'Details' of a specific signature or log entry, the plugin's administrative JavaScript (`js\u002Fadmin-logs.js`) fetches the data and renders it into a modal using unescaped template literals. This causes the stored JavaScript payload to execute in the administrator's browser session.","gemini-3-flash-preview","2026-06-04 16:00:44","2026-06-04 16:01:54",{"type":39,"vulnerable_version":40,"fixed_version":11,"vulnerable_browse":41,"vulnerable_zip":42,"fixed_browse":43,"fixed_zip":44,"all_tags":45},"plugin","8.10.7","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fadvanced-ip-blocker\u002Ftags\u002F8.10.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-ip-blocker.8.10.7.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fadvanced-ip-blocker\u002Ftags\u002F8.10.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-ip-blocker.8.10.8.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fadvanced-ip-blocker\u002Ftags"]