CVE-2022-50961 WordPress Plugin IP2Location Country Blocker 2.26.7 Stored XSS

WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page setting...

EUVD-2021-12007

Malware in sbrugna...

EUVD-2025-4441

Malicious code in bioql PyPI...

CVE-2021-25096

The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL...

CVE-2021-25108

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2locationcountryblockersaverules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend...

CVE-2025-1502

CVE-2025-1502 affects the WordPress plugin IP2Location Redirection (versions up to and including 1.33.3). The issue is a missing capability check on the AJAX action download_ip2location_redirection_backup , allowing unauthenticated attackers to download the plugin’s settings. Public sources in th...