Banhammer – Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass_CVE-2025-10745

{
    "lastseen": "",
    "description": "The Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide \u201csecret key\u201d being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request.",
    "published": "2025-09-26T03:25:34.436Z",
    "modified": "2025-09-26T03:25:34.436Z",
    "type": "cve",
    "title": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97c46a13-6981-426f-b24a-c9820657042f?source=cve\nhttps://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-functions.php#L336\nhttps://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-core.php#L101\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365979%40banhammer&new=3365979%40banhammer&sfp_email=&sfph_mail=\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365087%40banhammer&new=3365087%40banhammer&sfp_email=&sfph_mail=",
    "id": "CVE-2025-10745",
    "bulletinFamily": "",
    "cwe": [
        "CWE-330"
    ],
    "cvelist": null,
    "sourceData": "specialk Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots",
    "version": "*",
    "vendor": "specialk",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}