120 matches found
IP2Location Country Blocker < 2.33.4 - Unauthenticated Sensitive Information Exposure via Debug Log File
Description: The IP2Location Country Blocker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.3 via ip2location-country-blocker.php. This makes it possible for unauthenticated attackers to extract sensitive data including debug...
WordPress IP2Location Country Blocker Plugin <= 2.33.3 is vulnerable to Sensitive Data Exposure
Software: IP2Location Country Blocker; Type: Plugin; Vulnerable versions: <= 2.33.3; Fixed in: 2.33.4; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-22294; Patch priority: Low; CVSS severity: Low (5.3); PSID: dfbdc0d33c26; Credits: Mi...
WordPress IP2Location Country Blocker Plugin <= 2.29.1 is vulnerable to Bypass Vulnerability
Software: IP2Location Country Blocker; Type: Plugin; Vulnerable versions: <= 2.29.1; Fixed in: 2.29.2; OWASP Top 10: A3: Injection; Classification: Bypass Vulnerability; CVE: CVE-2023-37865; Patch priority: Low; CVSS severity: Low (5.3); PSID: a1b65359a367; Credits: Mika Required...
WordPress Plugin IP2Location Country Blocker Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability exists in the...
CVE-2021-25108
The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have a CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged-in admin block an arbitrary country, or block all of them at once, preventing users from accessing the frontend...
CVE-2021-25096
In the IP2Location Country Blocker WordPress plugin before 2.26.5, bans can be bypassed by using a specific parameter in the URL...
CVE-2021-25095
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block an arbitrary country, or block all of them at once, preventing...
Cross-site request forgery (CSRF)
The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have a CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged-in admin block an arbitrary country, or block all of them at once, preventing users from accessing the frontend...
Cross-site request forgery (CSRF)
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block an arbitrary country, or block all of them at once, preventing...
Design/Logic Flaw
In the IP2Location Country Blocker WordPress plugin before 2.26.5, bans can be bypassed by using a specific parameter in the URL...
CVE-2021-25108 IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF
The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have a CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged-in admin block an arbitrary country, or block all of them at once, preventing users from accessing the frontend...
CVE-2021-25108
CVE-2021-25108 affects the WordPress IP2Location Country Blocker plugin (versions before 2.26.6). The root cause is missing CSRF protection in the ip2location_country_blocker_save_rules AJAX action, enabling an attacker with logged-in admin privileges to ban a specific country or all countries, b...
CVE-2021-25096
CVE-2021-25096 affects the WordPress plugin IP2Location Country Blocker prior to version 2.26.5. The vulnerability enables a ban bypass by supplying a specific parameter in the URL (e.g., ?admin-ajax=hehe). This is a URL-parameter-based bypass that undermines access controls wi...
CVE-2021-25096 IP2Location Country Blocker < 2.26.5 - Ban Bypass
In the IP2Location Country Blocker WordPress plugin before 2.26.5, bans can be bypassed by using a specific parameter in the URL...
WordPress Plugin IP2Location Country Blocker Access Control Error Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in th...
WordPress Plugin IP2Location Country Blocker Access Control Error Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in the WordPress...