
120 matches found

CNNVD
added 2022/02/07 12:0 a.m. · 6 views

Wordpress Plugin IP2Location Country Blocker Access Control Error Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in th...

7.1 CVSS · 7.1 AI score · 0.00537 EPSS
Exploits 2 · References 3
Positive Technologies
added 2022/02/07 12:0 a.m. · 4 views

PT-2022-9650 · WordPress · Ip2Location Country Blocker

Name of the Vulnerable Software and Affected Versions: IP2Location Country Blocker WordPress plugin versions prior to 2.26.5
Description: The issue concerns a lack of authorization and CSRF checks in the ip2location_country_blocker_save_rules AJAX action. This allows any authenticated users, such...

7.1 CVSS · 6.8 AI score · 0.00537 EPSS
Exploits 2 · References 6
CNNVD
added 2022/02/07 12:0 a.m. · 5 views

Wordpress Plugin IP2Location Country Blocker Access Control Error Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. An Access Control Error vulnerability exists in the Wordpress...

6.5 CVSS · 6.5 AI score · 0.01047 EPSS
Exploits 2 · References 3
Cvelist
added 2022/02/07 12:0 a.m. · 26 views

CVE-2021-25095 IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing...

7.1 AI score · 0.00537 EPSS
Exploits 2 · References 2
0day.today
added 2022/02/05 12:0 a.m. · 263 views

WordPress IP2Location Country Blocker 2.26.7 Plugin - Stored Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting (XSS) (Authenticated) Exploit Author: Ahmet Serkan Ari Software Link: https://wordpress.org/plugins/ip2location-country-blocker/ Version: 2.26.7 Tested on: Linux CVE: N/A Thanks: Ceylan Bozogullarindan...

7.4 AI score
Exploits 0
wpexploit
added 2022/02/04 12:0 a.m. · 91 views

IP2Location Country Blocker < 2.26.9 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. As admin, enable Frontend Blocking and put the following payload in the Display page when visitor is blocked U...

0.4 AI score
Exploits 0 · References 2
WPVulnDB
added 2022/02/04 12:0 a.m. · 18 views

IP2Location Country Blocker < 2.26.9 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: As admin, enable Frontend Blocking and put the following payload in the Display page when visitor is block...

2.8 AI score
Exploits 0 · References 2 · Affected Software 1
Packet Storm
added 2022/02/04 12:0 a.m. · 263 views

WordPress IP2Location Country Blocker 2.26.7 Cross Site Scripting

Exploit Title: WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting (XSS) (Authenticated) Date: 02-02-2022 Exploit Author: Ahmet Serkan Ari Software Link: https://wordpress.org/plugins/ip2location-country-blocker/ Version: 2.26.7 Tested on: Linux CVE: N/A Thanks: Ceylan...

7.4 AI score
Exploits 0
Exploit DB
added 2022/02/04 12:0 a.m. · 249 views

WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting (XSS) (Authenticated) Date: 02-02-2022 Exploit Author: Ahmet Serkan Ari Software Link: https://wordpress.org/plugins/ip2location-country-blocker/ Version: 2.26.7 Tested on: Linux CVE: N/A Thanks: Ceylan...

7.4 AI score
Exploits 0
Patchstack
added 2022/01/06 12:0 a.m. · 16 views

WordPress IP2Location Country Blocker plugin <= 2.26.5 - Arbitrary Country Ban via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Country Ban via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress IP2Location Country Blocker plugin versions <= 2.26.5. Solution: Update the WordPress IP2Location Country Blocker plugin to the latest available version (at least 2.26.6)...

7.1 CVSS · 4.8 AI score · 0.00451 EPSS
Exploits 2 · References 3 · Affected Software 1
wpexploit
added 2022/01/06 12:0 a.m. · 95 views

IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF

The plugin does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. Make an admin open a page with the following code in it, whi...

7.1 CVSS · 0.5 AI score · 0.00451 EPSS
Exploits 2 · References 1
wpexploit
added 2022/01/06 12:0 a.m. · 72 views

IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban

The plugin does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...

7.1 CVSS · 0.6 AI score · 0.00537 EPSS
Exploits 2 · References 1
WPVulnDB
added 2022/01/06 12:0 a.m. · 20 views

IP2Location Country Blocker < 2.26.5 - Ban Bypass

The plugin bans can be bypassed by using a specific parameter in the URL. PoC: https://example.com/?admin-ajax=hehe...

6.5 CVSS · 0.8 AI score · 0.01047 EPSS
Exploits 2 · References 1 · Affected Software 1
WPVulnDB
added 2022/01/06 12:0 a.m. · 21 views

IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban

The plugin does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...

7.1 CVSS · 1.7 AI score · 0.00537 EPSS
Exploits 2 · References 1 · Affected Software 1
wpexploit
added 2022/01/06 12:0 a.m. · 84 views

IP2Location Country Blocker < 2.26.5 - Ban Bypass

The plugin bans can be bypassed by using a specific parameter in the URL: https://example.com/?admin-ajax=hehe...

6.5 CVSS · 1.8 AI score · 0.01047 EPSS
Exploits 2 · References 1
Patchstack
added 2022/01/06 12:0 a.m. · 13 views

WordPress IP2Location Country Blocker plugin <= 2.26.4 - Ban Bypass vulnerability

Ban Bypass vulnerability discovered by Krzysztof Zając in WordPress IP2Location Country Blocker plugin versions <= 2.26.4. Solution: Update the WordPress IP2Location Country Blocker plugin to the latest available version (at least 2.26.5)...

6.5 CVSS · 2.9 AI score · 0.01047 EPSS
Exploits 2 · References 3 · Affected Software 1
Patchstack
added 2022/01/06 12:0 a.m. · 23 views

WordPress IP2Location Country Blocker plugin <= 2.26.4 - Arbitrary Country Ban vulnerability

Arbitrary Country Ban by low privilege users vulnerability discovered by Krzysztof Zając in WordPress IP2Location Country Blocker plugin versions <= 2.26.4. Solution: Update the WordPress IP2Location Country Blocker plugin to the latest available version (at least 2.26.5)...

7.1 CVSS · 4.7 AI score · 0.00537 EPSS
Exploits 2 · References 3 · Affected Software 1
WPVulnDB
added 2022/01/06 12:0 a.m. · 24 views

IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF

The plugin does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. PoC: Make an admin open a page with the following code in it,...

7.1 CVSS · 3.5 AI score · 0.00451 EPSS
Exploits 2 · References 1 · Affected Software 1
Kitploit
added 2017/09/01 9:0 p.m. · 20 views

Tulpar - Web Vulnerability Scanner

Tulpar is an open source web vulnerability scanner written to make web penetration testing automated. Features: Sql Injection (GET Method), XSS (GET Method), Crawl, E-mail Disclosure, Credit Card Disclosure, Whois, Command Injection (GET Method), Directory Traversal (GET Method), File Include (GET Method), Server...

6.9 AI score
Exploits 0 · References 1
xssed
added 2008/02/14 12:0 a.m. · 10 views

Unfixed XSS vulnerability at www.ip2location.com

Security researcher RoMeO has submitted on 14/02/2008 a cross-site-scripting (XSS) vulnerability affecting www.ip2location.com, which at the time of submission ranked 14646 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/04/2008. It is...

Exploits 0 · References 1