WordPress Plugin Vulnerabilities

IP2Location Country Blocker < 2.26.5 - Ban Bypass

Description

The plugin bans can be bypassed by using a specific parameter in the URL

Proof of Concept

Affects Plugins

Plugin icon
ip2location-country-blocker
Fixed in 2.26.5

References

CVE
CVE-2021-25096
URL
https://plugins.trac.wordpress.org/changeset/2652469

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
e6dd140e-0c9d-41dc-821e-4910a13122c1

Timeline

Publicly Published
2022-01-06 (about 4 years ago)
Added
2022-01-06 (about 4 years ago)
Last Updated
2022-04-08 (about 3 years ago)

Other

Published
Title
Published
2017-01-26
Title
WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users
Published
2023-10-24
Title
YOP Poll < 6.5.29 - Reusable Captcha via validateImage
Published
2022-12-27
Title
WP Limit Login Attempts <= 2.6.5 - IP Spoofing
Published
2020-08-21
Title
WooCommerce - NAB Transact < 2.1.2 - Payment Bypass
Published
2020-05-26
Title
Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass