Lucene search
WPScanCVELIST:CVE-2021-25095HistoryFeb 07, 2022 - 12:00 a.m.
CVE-2021-25095 IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
2022-02-0700:00:00
CWE-862
CWE-352
WPScan
www.cve.org
1
0.001 Low
EPSS
Percentile
29.6%
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend.
CNA Affected
[
{
"vendor": "Unknown",
"product": "IP2Location Country Blocker",
"versions": [
{
"version": "2.26.5",
"status": "affected",
"lessThan": "2.26.5",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-25095
2022-02-07 16:15:44
wpexploit
wpexploit
IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
2022-01-06 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
2022-01-06 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-02-07 16:15:00
nvd
nvd
CVE-2021-25095
2022-02-07 16:15:44