CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22294 – WordPress Download IP2Location Country Blocker Plugin <= 2.33.3 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-22294
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker.This issue affects IP2Location Country Blocker: from n/a through 2.33.3. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en IP2Location IP2Location Country Blocker. Este problema afecta a IP2Location Country Blocker: desde n/a hasta 2.33.3. The IP2Location Country Blocker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.3 via ip2location-country-blocker.php. This makes it possible for unauthenticated attackers to extract sensitive data including debug information. • https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-33-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25108 – IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF
https://notcve.org/view.php?id=CVE-2021-25108
The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. El plugin IP2Location Country Blocker de WordPress versiones anteriores a 2.26.6, no presenta una comprobación de tipo CSRF en la acción AJAX ip2location_country_blocker_save_rules, lo que permite a atacantes hacer que un administrador registrado bloquee un país arbitrario, o que los bloquee todos a la vez, impidiendo que los usuarios accedan al frontend • https://plugins.trac.wordpress.org/changeset/2653459 https://wpscan.com/vulnerability/9d416ca3-bd02-4fcf-b3b8-f2f2280d02d2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25095 – IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
https://notcve.org/view.php?id=CVE-2021-25095
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. El plugin IP2Location Country Blocker de WordPress antes de 2.26.5, no presenta comprobaciones de autorización y de tipo CSRF en la acción AJAX ip2location_country_blocker_save_rules, lo que permite a cualquier usuario autenticado, como el suscriptor, llamar y bloquear un país arbitrario, o los bloquee todos a la vez, impidiendo que usuarios accedan al frontend • https://plugins.trac.wordpress.org/changeset/2652469 https://wpscan.com/vulnerability/cbfa7211-ac1f-4cf2-bd79-ebce2fc4baa1 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25096 – IP2Location Country Blocker < 2.26.5 - Ban Bypass
https://notcve.org/view.php?id=CVE-2021-25096
The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL El plugin IP2Location Country Blocker de WordPress versiones anteriores a 2.26.5, pueden omitirse usando un parámetro específico en la URL • https://plugins.trac.wordpress.org/changeset/2652469 https://wpscan.com/vulnerability/e6dd140e-0c9d-41dc-821e-4910a13122c1 • CWE-639: Authorization Bypass Through User-Controlled Key •