CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32443 – WordPress IP2Location Country Blocker plugin <= 2.34.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32443
Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Download IP2Location Country Blocker.This issue affects Download IP2Location Country Blocker: from n/a through 2.34.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IP2Location Download IP2Location Country Blocker. Este problema afecta a Download IP2Location Country Blocker: desde n/a hasta 2.34.2. The Download IP2Location Country Blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.34.2. This is due to missing or incorrect nonce validation on the validate_api_key() function. • https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-34-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37865 – WordPress IP2Location Country Blocker plugin <= 2.29.1 - IP Bypass Vulnerability vulnerability
https://notcve.org/view.php?id=CVE-2023-37865
Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Download IP2Location Country Blocker: from n/a through 2.29.1. Vulnerabilidad de omisión de autenticación mediante suplantación de identidad en IP2Location Download IP2Location Country Blocker permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a Download IP2Location Country Blocker: desde n/a hasta 2.29.1. The Download IP2Location Country Blocker plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.29.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and access restrictions. • https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-29-1-ip-bypass-vulnerability-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-348: Use of Less Trusted Source •