{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T20:09:39.510","vulnerabilities":[{"cve":{"id":"CVE-2026-1675","sourceIdentifier":"security@wordfence.com","published":"2026-02-07T09:16:01.230","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for unauthenticated attackers to bypass the geolocation blocking mechanism by appending the key to any URL on sites where the administrator has not changed the default value."},{"lang":"es","value":"El plugin Advanced Country Blocker para WordPress es vulnerable a un bypass de autorización en todas las versiones hasta la 2.3.1, inclusive, debido al uso de un valor predeterminado predecible para la clave secreta de bypass creada durante la instalación sin requerir que los usuarios la cambien. Esto hace posible que atacantes no autenticados omitan el mecanismo de bloqueo por geolocalización al añadir la clave a cualquier URL en sitios donde el administrador no ha cambiado el valor predeterminado."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L278","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L336","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L420","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3455225/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/30747988-83f9-41f9-9bc5-1f533bc4cb94?source=cve","source":"security@wordfence.com"}]}}]}