CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32443 – WordPress IP2Location Country Blocker plugin <= 2.34.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32443
Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Download IP2Location Country Blocker.This issue affects Download IP2Location Country Blocker: from n/a through 2.34.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IP2Location Download IP2Location Country Blocker. Este problema afecta a Download IP2Location Country Blocker: desde n/a hasta 2.34.2. The Download IP2Location Country Blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.34.2. This is due to missing or incorrect nonce validation on the validate_api_key() function. • https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-34-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22294 – WordPress Download IP2Location Country Blocker Plugin <= 2.33.3 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-22294
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker.This issue affects IP2Location Country Blocker: from n/a through 2.33.3. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en IP2Location IP2Location Country Blocker. Este problema afecta a IP2Location Country Blocker: desde n/a hasta 2.33.3. The IP2Location Country Blocker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.3 via ip2location-country-blocker.php. This makes it possible for unauthenticated attackers to extract sensitive data including debug information. • https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-33-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37865 – WordPress IP2Location Country Blocker plugin <= 2.29.1 - IP Bypass Vulnerability vulnerability
https://notcve.org/view.php?id=CVE-2023-37865
Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Download IP2Location Country Blocker: from n/a through 2.29.1. Vulnerabilidad de omisión de autenticación mediante suplantación de identidad en IP2Location Download IP2Location Country Blocker permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a Download IP2Location Country Blocker: desde n/a hasta 2.29.1. The Download IP2Location Country Blocker plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.29.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and access restrictions. • https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-29-1-ip-bypass-vulnerability-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-348: Use of Less Trusted Source •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25108 – IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF
https://notcve.org/view.php?id=CVE-2021-25108
The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. El plugin IP2Location Country Blocker de WordPress versiones anteriores a 2.26.6, no presenta una comprobación de tipo CSRF en la acción AJAX ip2location_country_blocker_save_rules, lo que permite a atacantes hacer que un administrador registrado bloquee un país arbitrario, o que los bloquee todos a la vez, impidiendo que los usuarios accedan al frontend • https://plugins.trac.wordpress.org/changeset/2653459 https://wpscan.com/vulnerability/9d416ca3-bd02-4fcf-b3b8-f2f2280d02d2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25095 – IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
https://notcve.org/view.php?id=CVE-2021-25095
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. El plugin IP2Location Country Blocker de WordPress antes de 2.26.5, no presenta comprobaciones de autorización y de tipo CSRF en la acción AJAX ip2location_country_blocker_save_rules, lo que permite a cualquier usuario autenticado, como el suscriptor, llamar y bloquear un país arbitrario, o los bloquee todos a la vez, impidiendo que usuarios accedan al frontend • https://plugins.trac.wordpress.org/changeset/2652469 https://wpscan.com/vulnerability/cbfa7211-ac1f-4cf2-bd79-ebce2fc4baa1 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •