23 Feb 2024

How Our Customers Helped Make WordPress Plugins More Secure, Week of February 23

Our customers provide us with the ability to help make WordPress plugins more secure, mostly with the plugins they use, but to a lesser extent with other plugins as well. That work often goes unmentioned, so we are highlighting it here to help people better understand what is going on and how signing up for our service can help expand that work.

This week, we again found that vulnerability fixes in popular plugins were incomplete or hadn’t been applied to all the plugins they needed to be. Some of those have now been addressed, some haven’t. You can sign up for a free trial of our service to see if you are using plugins that are known to be vulnerable. We currently have data on plugins with at least 8.2 million installs that are known to be vulnerable and still in the WordPress Plugin Directory. [Read more]

20 Feb 2024

Cross-Site Request Forgery (CSRF) Vulnerability in IP2Location Country Blocker

The changelog for the latest version of the WordPress plugin IP2Location Country Blocker is “Fixed CSRF replace on API key value.” In looking into that, we found that there is still the same cross-site request forgery (CSRF) issue with a related function in the plugin.

[Read more]

4 Feb 2022

False Report of Vulnerability in IP2Location Country Blocker Leads to Finding Real Vulnerability

Today Packet Storm published a report claiming there is a persistent cross-site scripting (XSS) vulnerability in the plugin IP2Location Country Blocker. The report makes this claim:

An authenticated user is able to inject arbitrary JavaScript or HTML code to the “Frontend Settings” interface available in the settings page of the plugin (Country Blocker), due to incorrect sanitization of user-supplied data, and achieve a Stored Cross-Site Scripting attack against the administrators or the other authenticated users. The plugin versions prior to 2.26.7 are affected by this vulnerability. [Read more]