WordPress Plugin Vulnerabilities

IP2Location Country Blocker < 2.38.9 - Unauthenticated Information Disclosure

Description

The plugin is vulnerable to Regular Information Exposure due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings.

Affects Plugins

Plugin icon
ip2location-country-blocker
Fixed in 2.38.9

References

CVE
CVE-2025-1361
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b63bc2b6-1abc-4cfa-a7e5-3995640f66a7

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
abrahack
Verified
No
WPVDB ID
3629be51-7c7e-4677-917f-a0693df3980f

Timeline

Publicly Published
2025-02-21 (about 1 year ago)
Added
2025-02-22 (about 1 year ago)
Last Updated
2025-02-22 (about 1 year ago)

Other

Published
Title
Published
2025-12-04
Title
SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure
Published
2024-02-20
Title
Backup Bolt < 1.4.0 - Sensitive Data Exposure
Published
2024-05-21
Title
NextScripts: Social Networks Auto-Poster < 4.4.4 - Subscriber+ Sensitive Information Exposure
Published
2024-10-09
Title
Keep Backup Daily <= 2.1.2 - Unauthenticated Information Disclosure
Published
2026-01-21
Title
Tabby Checkout < 5.9.1 - Unauthenticated Information Exposure