WordPress Plugin IP2Location Country Blocker Access Control Error Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in th...
PT-2022-9650 · WordPress · Ip2Location Country Blocker
Name of the Vulnerable Software and Affected Versions: IP2Location Country Blocker WordPress plugin versions prior to 2.26.5. Description: The issue concerns a lack of authorization and CSRF checks in the ip2location_country_blocker_save_rules AJAX action. This allows any authenticated users, such...
WordPress Plugin IP2Location Country Blocker Access Control Error Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in the WordPress...
CVE-2021-25095 IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block an arbitrary country, or block all of them at once, preventing...
WordPress IP2Location Country Blocker 2.26.7 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting XSS Authenticated Exploit Author: Ahmet Serkan Ari Software Link: https://wordpress.org/plugins/ip2location-country-blocker/ Version: 2.26.7 Tested on: Linux CVE: N/A Thanks: Ceylan Bozogullarindan...
IP2Location Country Blocker < 2.26.9 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. As admin, enable Frontend Blocking and put the following payload in the Display page when visitor is blocked U...
IP2Location Country Blocker < 2.26.9 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: As admin, enable Frontend Blocking and put the following payload in the Display page when visitor is block...
WordPress IP2Location Country Blocker 2.26.7 Cross Site Scripting
Exploit Title: WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting XSS Authenticated Date: 02-02-2022 Exploit Author: Ahmet Serkan Ari Software Link: https://wordpress.org/plugins/ip2location-country-blocker/ Version: 2.26.7 Tested on: Linux CVE: N/A Thanks: Ceylan...
WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting XSS Authenticated Date: 02-02-2022 Exploit Author: Ahmet Serkan Ari Software Link: https://wordpress.org/plugins/ip2location-country-blocker/ Version: 2.26.7 Tested on: Linux CVE: N/A Thanks: Ceylan...
WordPress IP2Location Country Blocker plugin <= 2.26.5 - Arbitrary Country Ban via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Country Ban via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress IP2Location Country Blocker plugin versions <= 2.26.5. Solution: Update the WordPress IP2Location Country Blocker plugin to the latest available version (at least 2.26.6)...
IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF
The plugin does not have a CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged-in admin block an arbitrary country, or block all of them at once, preventing users from accessing the frontend. Make an admin open a page with the following code in it, whi...
IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
The plugin does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block an arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...
IP2Location Country Blocker < 2.26.5 - Ban Bypass
The plugin's bans can be bypassed by using a specific parameter in the URL. PoC: https://example.com/?admin-ajax=hehe...
IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
The plugin does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block an arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...
IP2Location Country Blocker < 2.26.5 - Ban Bypass
The plugin's bans can be bypassed by using a specific parameter in the URL: https://example.com/?admin-ajax=hehe...
WordPress IP2Location Country Blocker plugin <= 2.26.4 - Ban Bypass vulnerability
Ban Bypass vulnerability discovered by Krzysztof Zając in WordPress IP2Location Country Blocker plugin versions <= 2.26.4. Solution: Update the WordPress IP2Location Country Blocker plugin to the latest available version (at least 2.26.5)...
WordPress IP2Location Country Blocker plugin <= 2.26.4 - Arbitrary Country Ban vulnerability
Arbitrary Country Ban by low privilege users vulnerability discovered by Krzysztof Zając in WordPress IP2Location Country Blocker plugin versions <= 2.26.4. Solution: Update the WordPress IP2Location Country Blocker plugin to the latest available version (at least 2.26.5)...
IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF
The plugin does not have a CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged-in admin block an arbitrary country, or block all of them at once, preventing users from accessing the frontend. PoC: Make an admin open a page with the following code in it,...
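The entries above describe three distinct defects in the same plugin: a save-rules AJAX action with neither a nonce (CSRF) nor a capability check (any subscriber can call it), settings that are stored and rendered without sanitisation (stored XSS even where unfiltered_html is disallowed), and a ban bypass triggered by an admin-ajax query parameter. The following is an added example, not the plugin's code, showing what the missing checks look like in a WordPress AJAX handler; the hook names, option keys and script handle (example_save_rules, example_blocked_countries, example_blocked_page, example-admin) are hypothetical. It does not reconstruct the plugin's actual ban-bypass logic; it only shows the safe way to recognise an AJAX request.

```php
<?php
// Added example (not the plugin's code). All names are hypothetical.

// Vulnerable pattern: wp_ajax_* hooks fire for ANY logged-in user, so
// without a capability check a subscriber can reach this, and without a
// nonce a cross-site page can make an admin's browser submit it.
function example_save_rules_vulnerable() {
    $rules = isset($_POST['rules']) ? (array) wp_unslash($_POST['rules']) : array();
    update_option('example_blocked_countries', array_map('sanitize_text_field', $rules));
    wp_send_json_success();
}
add_action('wp_ajax_example_save_rules_vulnerable', 'example_save_rules_vulnerable');

// Hardened handler: CSRF check, authorisation check, then validation.
function example_save_rules() {
    // CSRF: verifies the 'nonce' POST/GET field against the action name;
    // dies with HTTP 403 when it is missing or invalid.
    check_ajax_referer('example_save_rules', 'nonce');

    // Authorisation: only administrators may change blocking rules.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }

    $rules = isset($_POST['rules']) ? (array) wp_unslash($_POST['rules']) : array();
    $rules = array_map('sanitize_text_field', $rules);

    // Validate: keep only ISO 3166-1 alpha-2 shaped codes, so nothing but
    // country codes can ever be stored in the option.
    $rules = array_values(array_filter($rules, function ($cc) {
        return (bool) preg_match('/^[A-Z]{2}$/', $cc);
    }));

    update_option('example_blocked_countries', $rules);
    wp_send_json_success($rules);
}
add_action('wp_ajax_example_save_rules', 'example_save_rules');

// Hand the nonce to the admin page's JavaScript (script handle 'example-admin'
// is assumed to be registered elsewhere). The JS sends it as the 'nonce' field.
add_action('admin_enqueue_scripts', function () {
    wp_localize_script('example-admin', 'exampleAjax', array(
        'url'   => admin_url('admin-ajax.php'),
        'nonce' => wp_create_nonce('example_save_rules'),
    ));
});

// Stored XSS in a settings field: sanitise on save according to the saving
// user's capability, and filter again on output. wp_kses_post() removes
// <script>, on* event handlers and javascript: URLs while keeping post-safe
// markup, which is the right bar for a "page shown to blocked visitors".
function example_sanitize_blocked_page($html) {
    // Honour the site's unfiltered_html policy (multisite or
    // DISALLOW_UNFILTERED_HTML may strip it even from administrators).
    return current_user_can('unfiltered_html') ? $html : wp_kses_post($html);
}
add_filter('sanitize_option_example_blocked_page', 'example_sanitize_blocked_page');

function example_render_blocked_page() {
    // Filter again on output: the stored value may predate the sanitiser.
    echo wp_kses_post(get_option('example_blocked_page', ''));
}

// Deciding whether the country check applies. A query-string parameter is
// attacker-controlled, so it must never switch blocking off. wp_doing_ajax()
// reads the DOING_AJAX constant that admin-ajax.php itself defines, which a
// visitor cannot set from the URL.
function example_request_is_exempt_from_block() {
    return wp_doing_ajax();
}
```

Usage: the vulnerable handler and the hardened one differ only in the first two statements, which is typical of this vulnerability class; grep a plugin's `wp_ajax_` callbacks for a missing `check_ajax_referer()`/`wp_verify_nonce()` and `current_user_can()` pair when reviewing it.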
Tulpar - Web Vulnerability Scanner
Tulpar is an open source web vulnerability scanner written to automate web penetration testing. Features: SQL Injection (GET method), XSS (GET method), Crawl, E-mail Disclosure, Credit Card Disclosure, Whois, Command Injection (GET method), Directory Traversal (GET method), File Include (GET method), Server...
Unfixed XSS vulnerability at www.ip2location.com
Security researcher RoMeO submitted on 14/02/2008 a cross-site scripting (XSS) vulnerability affecting www.ip2location.com, which at the time of submission ranked 14646 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/04/2008. It is...