CVE-2022-50961

Name of the Vulnerable Software and Affected Versions IP2Location Country Blocker version 2.26.7

Description A stored cross-site scripting issue allows authenticated users to inject arbitrary JavaScript code via the Frontend Settings interface. Specifically, malicious scripts can be injected into the URL field of the Display page settings, which then execute when administrators or other authenticated users access the plugin settings page.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.