← back
CVE-2022-50961

WordPress Plugin IP2Location Country Blocker 2.26.7 Stored XSS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page settings that execute when administrators or other authenticated users visit the plugin settings page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
IP2Location · IP2Location Country Blocker
public PoCs found1
cve_referencewww.exploit-db.com/exploits/50709unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wordpress.org/plugins/ip2location-country-blocker/https://www.exploit-db.com/exploits/50709https://www.vulncheck.com/advisories/wordpress-plugin-ip2location-country-blocker-stored-xss