
120 matches found

WPVulnDB
added 2024/01/22 12:0 a.m. | 25 views

IP2Location Country Blocker < 2.33.4 - Unauthenticated Sensitive Information Exposure via Debug Log File

Description: The IP2Location Country Blocker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.3 via ip2location-country-blocker.php. This makes it possible for unauthenticated attackers to extract sensitive data including debug...

CVSS 7.5 | AI score 6.6 | EPSS 0.00453
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/01/17 12:0 a.m. | 16 views

WordPress Download IP2Location Country Blocker Plugin <= 2.33.3 is vulnerable to Sensitive Data Exposure

Software: Download IP2Location Country Blocker; Type: Plugin; Vulnerable versions: = 2.33.3; Fixed in: 2.33.4; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-22294; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: dfbdc0d33c26; Credits: Mi...

CVSS 7.5 | AI score 6.5 | EPSS 0.00453
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/07/10 12:0 a.m. | 18 views

WordPress Download IP2Location Country Blocker Plugin <= 2.29.1 is vulnerable to Bypass Vulnerability

Software: Download IP2Location Country Blocker; Type: Plugin; Vulnerable versions: = 2.29.1; Fixed in: 2.29.2; OWASP Top 10: A3: Injection; Classification: Bypass Vulnerability; CVE: CVE-2023-37865; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: a1b65359a367; Credits: Mika; Required...

CVSS 5.3 | AI score 6.9 | EPSS 0.0035
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2022/03/31 12:0 a.m. | 12 views

Wordpress Plugin IP2Location Country Blocker Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in the...

CVSS 7.1 | AI score 6.7 | EPSS 0.00451
Exploits: 2 | References: 1

CNVD
added 2022/03/31 12:0 a.m. | 20 views

Wordpress Plugin IP2Location Country Blocker Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in the...

CVSS 7.1 | AI score 6.7 | EPSS 0.00451
Exploits: 2 | References: 1

OSV
added 2022/02/07 4:15 p.m. | 2 views

CVE-2021-25108

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2locationcountryblockersaverules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend...

CVSS 7.1 | AI score 5.9 | EPSS 0.00451
Exploits: 2 | References: 2

NVD
added 2022/02/07 4:15 p.m. | 12 views

CVE-2021-25108

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2locationcountryblockersaverules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend...

CVSS 7.1 | EPSS 0.00451
Exploits: 2 | References: 2

NVD
added 2022/02/07 4:15 p.m. | 11 views

CVE-2021-25096

The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL...

CVSS 6.5 | EPSS 0.01047
Exploits: 2 | References: 2

OSV
added 2022/02/07 4:15 p.m. | 3 views

CVE-2021-25096

The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL...

CVSS 6.5 | AI score 5.8 | EPSS 0.01047
Exploits: 2 | References: 2

NVD
added 2022/02/07 4:15 p.m. | 11 views

CVE-2021-25095

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing...

CVSS 7.1 | EPSS 0.00537
Exploits: 2 | References: 2

OSV
added 2022/02/07 4:15 p.m. | 4 views

CVE-2021-25095

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing...

CVSS 7.1 | AI score 5.9 | EPSS 0.00537
Exploits: 2 | References: 2

Prion
added 2022/02/07 4:15 p.m. | 15 views

Cross site request forgery (csrf)

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2locationcountryblockersaverules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend...

CVSS 5.8 | AI score 6.9 | EPSS 0.00451
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2022/02/07 4:15 p.m. | 14 views

Cross site request forgery (csrf)

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing...

CVSS 5.5 | AI score 6.9 | EPSS 0.00537
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2022/02/07 4:15 p.m. | 16 views

Design/Logic Flaw

The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL...

CVSS 6.4 | AI score 6.4 | EPSS 0.01047
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2022/02/07 3:47 p.m. | 17 views

CVE-2021-25108 IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2locationcountryblockersaverules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend...

AI score 7.1 | EPSS 0.00451
Exploits: 2 | References: 2

CVE
added 2022/02/07 3:47 p.m. | 43 views

CVE-2021-25108

CVE-2021-25108 affects the WordPress IP2Location Country Blocker plugin (versions before 2.26.6). The root cause is missing CSRF protection in the ip2location_country_blocker_save_rules AJAX action, enabling an attacker with logged-in admin privileges to ban a specific country or all countries, b...

CVSS 7.1 | AI score 6.8 | EPSS 0.00451
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2022/02/07 3:47 p.m. | 56 views

CVE-2021-25096

CVE-2021-25096 affects the WordPress plugin IP2Location Country Blocker prior to version 2.26.5. The vulnerability enables a ban bypass by supplying a specific parameter in the URL (e.g., ?admin-ajax=hehe). This is a URL-parameter-based bypass that undermines access controls wi...

CVSS 6.5 | AI score 6.4 | EPSS 0.01047
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2022/02/07 3:47 p.m. | 16 views

CVE-2021-25096 IP2Location Country Blocker < 2.26.5 - Ban Bypass

The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL...

AI score 6.7 | EPSS 0.01047
Exploits: 2 | References: 2

CNNVD
added 2022/02/07 12:0 a.m. | 5 views

Wordpress Plugin IP2Location Country Blocker Access Control Error Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in th...

CVSS 7.1 | AI score 7.1 | EPSS 0.00537
Exploits: 2 | References: 3

CNNVD
added 2022/02/07 12:0 a.m. | 4 views

Wordpress Plugin IP2Location Country Blocker Access Control Error Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. An Access Control Error vulnerability exists in the Wordpress...

CVSS 6.5 | AI score 6.5 | EPSS 0.01047
Exploits: 2 | References: 3