Information Exposure Vulnerability in IP2Location Country Blocker Plugin for WordPress
CVE-2025-1361

7.5HIGH

Key Information:

Vendor: Ip2location
Status: Ip2location Country Blocker
Vendor: CVE Published:; 22 February 2025

Summary

The IP2Location Country Blocker plugin for WordPress has a vulnerability that allows unauthenticated attackers to access and view sensitive plugin settings. This issue arises from insufficient capability checks in the admin_init() function, affecting all versions up to and including 2.38.8. Website administrators should be aware of this vulnerability as it can lead to unauthorized information disclosure.

Affected Version(s)

IP2Location Country Blocker * <= 2.38.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/ip2location-country-blocker...

https://plugins.trac.wordpress.org/browser/ip2location-co...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 22, 2025
Vulnerability Reserved
Feb 15, 2025

Credit

abrahack