Description
WordPress Plugin WP-Ban is prone to a security bypass vulnerability. Attackers can exploit this vulnerability in some circumstances by setting the "X-Forwarded-For" HTTP header field and thus bypassing IP blacklisting functionality. WordPress Plugin WP-Ban version 1.63 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.64 or latest
References
http://packetstormsecurity.com/files/128292/WordPress-WP-Ban-1.62-Bypass.html
Related Vulnerabilities
WordPress Plugin GS Products Slider for WooCommerce Cross-Site Scripting (1.5.8)
WordPress Plugin CP Contact Form with PayPal Cross-Site Scripting (1.2.98)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1454)
WordPress Plugin Crelly Slider Arbitrary File Upload (1.3.4)