CNNVD-202602-1119 Information

Feb 07, 2026 cve

CNNVD ID

CNNVD-202602-1119

CVE-2026-1675

CNNVD Published: 2026-02-07

Description (Chinese)

WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。checklist是使用在其中的一个用于将网页列表转换为清单文件的插件。req是一个使用 Black Magic 的简单 Go HTTP 客户端。Press是一个运行 Frappe Cloud 的 Frappe 自定义应用程序。 WordPress plugin Advanced Country Blocker 2.3.1及之前版本存在安全漏洞，该漏洞源于使用可预测的默认密钥且未要求用户更改，可能导致未经验证的攻击者绕过地理位置阻止机制。

Description (English)

WordPress is a blog platform developed in the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL-based servers. Checklist is one of the plugins used to convert web page lists into inventory files. Req is a simple Go HTTP client using Black Magic. Press is a Frappe custom application to run Frappe Cloud. WordPress pluging Advanced Country Blocker 2.3.1 and previous versions had a security loophole, which stemmed from the use of a predictable default key and did not require changes by the user, which could lead to uncertified assailants bypassing the mechanism.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WordPress

Published

2026-02-07

Last Modified

2026-02-24

References

https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L278 https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L336 https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L420 https://www.wordfence.com/threat-intel/vulnerabilities/id/30747988-83f9-41f9-9bc5-1f533bc4cb94?source=cve https://access.redhat.com/security/cve/cve-2026-1675

Share on: