2 matches found
CVE-2025-1502 IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export
The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'downloadip2locationredirectionbackup' AJAX action in all versions up to, and including, 1.33.3. This makes it possible for unauthenticated attackers to download...
CVE-2025-1502
CVE-2025-1502 affects the WordPress plugin IP2Location Redirection (versions up to and including 1.33.3). The issue is a missing capability check on the AJAX action download_ip2location_redirection_backup , allowing unauthenticated attackers to download the plugin’s settings. Public sources in th...