Feb 07, 2022 - 3:47 p.m.

CVE-2021-25108 IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF

2022-02-07 15:47:24
CWE-352
WPScan
www.cve.org

EPSS: 0.001 Low

Percentile: 37.9%

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have a CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged-in admin block an arbitrary country, or block all of them at once, preventing users from accessing the frontend.

CNA Affected

[
  {
    "product": "IP2Location Country Blocker",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.26.6",
        "status": "affected",
        "version": "2.26.6",
        "versionType": "custom"
      }
    ]
  }
]
