WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

IP2Location Country Blocker < 2.26.5 - Ban Bypass

Description

The plugin bans can be bypassed by using a specific parameter in the URL

Proof of Concept

https://example.com/?admin-ajax=hehe

Affects Plugins

ip2location-country-blocker
Fixed in version 2.26.5

References

CVE
CVE-2021-25096
URL
https://plugins.trac.wordpress.org/changeset/2652469

Classification

Type

BYPASS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
e6dd140e-0c9d-41dc-821e-4910a13122c1

Timeline

Publicly Published

2022-01-06 (about 4 months ago)

Added

2022-01-06 (about 4 months ago)

Last Updated

2022-04-08 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin