Vulnerabilities > CVE-2021-25095 - Missing Authorization vulnerability in Ip2Location Country Blocker

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

HIGH

network

low complexity

ip2location

CWE-862

NVD

Published: 2022-02-07

Updated: 2022-12-09

Summary

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend.

Vulnerable Configurations

Part	Description	Count
Application	Ip2Location Ip2Location Country Blocker - Ip2Location Country Blocker 1.19.18 Ip2Location Country Blocker 1.25.15 Ip2Location Country Blocker 2.7.4 Ip2Location Country Blocker 2.7.5 Ip2Location Country Blocker 2.8.0 Ip2Location Country Blocker 2.8.1 Ip2Location Country Blocker 2.8.5 Ip2Location Country Blocker 2.8.6 Ip2Location Country Blocker 2.8.7 Ip2Location Country Blocker 2.10.0 Ip2Location Country Blocker 2.10.2 Ip2Location Country Blocker 2.10.3 Ip2Location Country Blocker 2.10.4 Ip2Location Country Blocker 2.11.0 Ip2Location Country Blocker 2.11.1 Ip2Location Country Blocker 2.11.2 Ip2Location Country Blocker 2.11.3 Ip2Location Country Blocker 2.12.0 Ip2Location Country Blocker 2.13.0 Ip2Location Country Blocker 2.13.1 Ip2Location Country Blocker 2.13.2 Ip2Location Country Blocker 2.14.0 Ip2Location Country Blocker 2.14.1 Ip2Location Country Blocker 2.14.2 Ip2Location Country Blocker 2.14.3 Ip2Location Country Blocker 2.14.4 Ip2Location Country Blocker 2.14.5 Ip2Location Country Blocker 2.14.6 Ip2Location Country Blocker 2.15.0 Ip2Location Country Blocker 2.15.1 Ip2Location Country Blocker 2.15.2 Ip2Location Country Blocker 2.15.3 Ip2Location Country Blocker 2.16.0 Ip2Location Country Blocker 2.17.0 Ip2Location Country Blocker 2.17.1 Ip2Location Country Blocker 2.17.2 Ip2Location Country Blocker 2.17.3 Ip2Location Country Blocker 2.17.4 Ip2Location Country Blocker 2.17.5 Ip2Location Country Blocker 2.17.6 Ip2Location Country Blocker 2.18.0 Ip2Location Country Blocker 2.18.1 Ip2Location Country Blocker 2.19.0 Ip2Location Country Blocker 2.19.1 Ip2Location Country Blocker 2.19.2 Ip2Location Country Blocker 2.19.3 Ip2Location Country Blocker 2.19.4 Ip2Location Country Blocker 2.19.5 Ip2Location Country Blocker 2.19.6 Ip2Location Country Blocker 2.19.7 Ip2Location Country Blocker 2.19.8 Ip2Location Country Blocker 2.19.9 Ip2Location Country Blocker 2.19.10 Ip2Location Country Blocker 2.19.11 Ip2Location Country Blocker 2.19.12 Ip2Location Country Blocker 2.19.13 Ip2Location Country Blocker 2.19.14 Ip2Location Country Blocker 2.19.15 Ip2Location Country Blocker 2.19.17 Ip2Location Country Blocker 2.19.19 Ip2Location Country Blocker 2.19.20 Ip2Location Country Blocker 2.19.21 Ip2Location Country Blocker 2.20.0 Ip2Location Country Blocker 2.20.1 Ip2Location Country Blocker 2.20.2 Ip2Location Country Blocker 2.21.0 Ip2Location Country Blocker 2.21.1 Ip2Location Country Blocker 2.21.2 Ip2Location Country Blocker 2.22.0 Ip2Location Country Blocker 2.22.1 Ip2Location Country Blocker 2.23.0 Ip2Location Country Blocker 2.23.1 Ip2Location Country Blocker 2.24.0 Ip2Location Country Blocker 2.24.1 Ip2Location Country Blocker 2.25.0 Ip2Location Country Blocker 2.25.1 Ip2Location Country Blocker 2.25.2 Ip2Location Country Blocker 2.25.3 Ip2Location Country Blocker 2.25.4 Ip2Location Country Blocker 2.25.5 Ip2Location Country Blocker 2.25.6 Ip2Location Country Blocker 2.25.7 Ip2Location Country Blocker 2.25.8 Ip2Location Country Blocker 2.25.9 Ip2Location Country Blocker 2.25.10 Ip2Location Country Blocker 2.25.11 Ip2Location Country Blocker 2.25.12 Ip2Location Country Blocker 2.25.13 Ip2Location Country Blocker 2.25.14 Ip2Location Country Blocker 2.25.16 Ip2Location Country Blocker 2.25.17 Ip2Location Country Blocker 2.26.0 Ip2Location Country Blocker 2.26.1 Ip2Location Country Blocker 2.26.2 Ip2Location Country Blocker 2.26.3 Ip2Location Country Blocker 2.26.4	97

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References