CVE-2025-1361 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing c…
High CVSS: 7.5

CVE-2025-1361

The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings.
Vendor
Ip2location
Product
Country Blocker
CWE
CWE-285
Yayın Tarihi
2025-02-22 09:15:24
Güncelleme
2025-03-06 19:02:18
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-285 Country Blocker HIGH Ip2location 2025

Referanslar

https://plugins.trac.wordpress.org/browser/ip2location-country-blocker/trunk/ip2location-country-blocker.php#L114 https://plugins.trac.wordpress.org/changeset/3244193/ https://wordpress.org/plugins/ip2location-country-blocker/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/b63bc2b6-1abc-4cfa-a7e5-3995640f66a7?source=cve