PT-2025-7500 · WordPress · Ip2Location Country Blocker

Abrahack · Published 2025-02-22 · Updated 2026-04-23 · CVE-2025-1361

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IP2Location Country Blocker versions up to, and including, 2.38.8

Description: The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure due to missing capability checks on the admin_init() function. This allows unauthenticated attackers to view the plugin's settings.

Recommendations: For versions up to, and including, 2.38.8, update to a version that includes the necessary capability checks for the admin_init() function to prevent unauthenticated access to the plugin's settings. As a temporary workaround, consider restricting access to the admin_init() function until a patch is available.

Fix

Weakness Enumeration: Improper Authorization, Missing Authorization

Related Identifiers: CVE-2025-1361

Affected Products: Ip2Location Country Blocker