Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Banhammer – Monitor Site Traffic, Block Bad Users and Bots by specialk

    CVE-2025-10745 (GCVE-0-2025-10745)

    Vulnerability from nvd – Published: 2025-09-26 03:25 – Updated: 2026-04-08 17:10
    VLAI
    Title
    Banhammer – Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass
    Summary
    The Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide “secret key” being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin’s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-330 - Use of Insufficiently Random Values
    Assigner
    Impacted products
    Credits
    Jonas Benjamin Friedli
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-26T19:32:14.193040Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-26T19:32:24.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots",
              "vendor": "specialk",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jonas Benjamin Friedli"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide \u201csecret key\u201d being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-330",
                  "description": "CWE-330 Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:10:32.674Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97c46a13-6981-426f-b24a-c9820657042f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-functions.php#L336"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-core.php#L101"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3365979%40banhammer\u0026new=3365979%40banhammer\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3365087%40banhammer\u0026new=3365087%40banhammer\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-19T20:59:34.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-09-25T14:27:24.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots \u003c= 3.4.8 - Unauthenticated Protection Mechanism Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-10745",
        "datePublished": "2025-09-26T03:25:34.436Z",
        "dateReserved": "2025-09-19T19:27:00.940Z",
        "dateUpdated": "2026-04-08T17:10:32.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10745 (GCVE-0-2025-10745)

    Vulnerability from cvelistv5 – Published: 2025-09-26 03:25 – Updated: 2026-04-08 17:10
    VLAI
    Title
    Banhammer – Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass
    Summary
    The Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide “secret key” being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin’s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-330 - Use of Insufficiently Random Values
    Assigner
    Impacted products
    Credits
    Jonas Benjamin Friedli
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-26T19:32:14.193040Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-26T19:32:24.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots",
              "vendor": "specialk",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jonas Benjamin Friedli"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide \u201csecret key\u201d being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-330",
                  "description": "CWE-330 Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:10:32.674Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97c46a13-6981-426f-b24a-c9820657042f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-functions.php#L336"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-core.php#L101"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3365979%40banhammer\u0026new=3365979%40banhammer\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3365087%40banhammer\u0026new=3365087%40banhammer\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-19T20:59:34.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-09-25T14:27:24.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots \u003c= 3.4.8 - Unauthenticated Protection Mechanism Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-10745",
        "datePublished": "2025-09-26T03:25:34.436Z",
        "dateReserved": "2025-09-19T19:27:00.940Z",
        "dateUpdated": "2026-04-08T17:10:32.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }