WordPress Plugin Vulnerabilities

iQ Block Country < 1.2.12 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not escape its blockcountry_blockmessage setting, which could lead to Stored Cross-Site Scripting issue

Affects Plugins

Plugin icon
iq-block-country
Fixed in 1.2.12

References

CVE
CVE-2021-36873

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Verified
No
WPVDB ID
ba93f085-2153-439b-9cda-7c5b09d3ed58

Timeline

Publicly Published
2021-07-17 (about 2 years ago)
Added
2021-09-23 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)

Other

Published
Title
Published
2022-02-04
Title
IP2Location Country Blocker < 2.26.9 - Admin+ Stored Cross-Site Scripting
Published
2015-10-09
Title
WPBakery Page Builder < 4.7.4 - Multiple Unspecified Cross-Site Scripting (XSS)
Published
2015-08-19
Title
WP Social Bookmarking Light <= 1.7.9 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2015-05-14
Title
Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scripting (XSS)
Published
2021-09-08
Title
Twitter Friends Widget <= 3.1 - Reflected Cross-Site Scripting