PT-2026-6896 · WordPress · Advanced Country Blocker
Hector Flores · Published 2026-02-07 · Updated 2026-02-07
CVE-2026-1675
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Advanced Country Blocker plugin for WordPress versions prior to 2.3.2
Description
The Advanced Country Blocker plugin for WordPress is susceptible to an authorization bypass. This is due to the use of a predictable default value for the secret bypass key during installation, which is not required to be changed by users. An unauthenticated attacker can bypass the geolocation blocking mechanism by appending this key to any URL on sites where the administrator has not modified the default value.
Recommendations
Update the Advanced Country Blocker plugin to version 2.3.2 or later.
Change the default secret bypass key to a strong, unique value.
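The weakness described above, shown as an added illustration beside a fail-closed variant; this is not the plugin's code and not the 2.3.2 fix. All function names and the placeholder default value are assumptions made for the example.

```php
<?php
// Added illustration: every name below is hypothetical, not the plugin's code.

// Placeholder standing in for a key shipped identically to every install.
const SHIPPED_DEFAULT_KEY = 'PLACEHOLDER-SHIPPED-DEFAULT';

// Weak pattern: the stored key starts out as the shipped default, so the
// check passes on any site whose administrator never changed it.
function weak_bypass_allowed(string $storedKey, ?string $suppliedKey): bool
{
    return $suppliedKey !== null && $suppliedKey === $storedKey;
}

// Hardened, step 1: create a per-install key at activation time.
function generate_bypass_key(): string
{
    return bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
}

// Hardened, step 2: fail closed while the key is empty, short or still the
// shipped default, and compare in constant time otherwise.
function hardened_bypass_allowed(string $storedKey, ?string $suppliedKey): bool
{
    if ($suppliedKey === null || $storedKey === '') {
        return false;
    }
    if (hash_equals(SHIPPED_DEFAULT_KEY, $storedKey) || strlen($storedKey) < 32) {
        return false; // bypass stays disabled until a strong key is set
    }
    return hash_equals($storedKey, $suppliedKey);
}

// Constructed sample states: one untouched install, one with a generated key.
$unconfigured = SHIPPED_DEFAULT_KEY;
$configured   = generate_bypass_key();

var_dump(weak_bypass_allowed($unconfigured, SHIPPED_DEFAULT_KEY));
var_dump(hardened_bypass_allowed($unconfigured, SHIPPED_DEFAULT_KEY));
var_dump(hardened_bypass_allowed($configured, SHIPPED_DEFAULT_KEY));
var_dump(hardened_bypass_allowed($configured, $configured));
```

Only the first and last calls return true: the weak check accepts the shipped value on an untouched install, while the hardened check accepts nothing but the per-install key.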
Affected Products
Advanced Country Blocker