{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1361", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-15T23:27:42.878Z", "datePublished": "2025-02-22T08:22:06.982Z", "dateUpdated": "2026-04-08T17:17:23.404Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:23.404Z"}, "affected": [{"vendor": "ip2location", "product": "IP2Location Country Blocker", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.38.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings."}], "title": "IP2Location Country Blocker <= 2.38.8 - Missing Authorization to Unauthenticated Information Exposure via admin_init Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b63bc2b6-1abc-4cfa-a7e5-3995640f66a7?source=cve"}, {"url": "https://wordpress.org/plugins/ip2location-country-blocker/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/ip2location-country-blocker/trunk/ip2location-country-blocker.php#L114"}, {"url": "https://plugins.trac.wordpress.org/changeset/3244193/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-285 Improper Authorization", "cweId": "CWE-285", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "abrahack"}], "timeline": [{"time": "2025-02-21T19:56:54.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-24T16:14:43.757854Z", "id": "CVE-2025-1361", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T16:16:32.367Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1361", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-24T16:14:43.757854Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T16:16:25.420Z"}}], "cna": {"title": "IP2Location Country Blocker <= 2.38.8 - Missing Authorization to Unauthenticated Information Exposure via admin_init Function", "credits": [{"lang": "en", "type": "finder", "value": "abrahack"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "ip2location", "product": "IP2Location Country Blocker", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.38.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-21T19:56:54.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b63bc2b6-1abc-4cfa-a7e5-3995640f66a7?source=cve"}, {"url": "https://wordpress.org/plugins/ip2location-country-blocker/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/ip2location-country-blocker/trunk/ip2location-country-blocker.php#L114"}, {"url": "https://plugins.trac.wordpress.org/changeset/3244193/"}], "descriptions": [{"lang": "en", "value": "The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:23.404Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1361", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:17:23.404Z", "dateReserved": "2025-02-15T23:27:42.878Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-02-22T08:22:06.982Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings."}], "id": "CVE-2025-1361", "lastModified": "2025-02-22T09:15:24.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-02-22T09:15:24.033", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ip2location-country-blocker/trunk/ip2location-country-blocker.php#L114"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3244193/"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/ip2location-country-blocker/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b63bc2b6-1abc-4cfa-a7e5-3995640f66a7?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T19:07:59.631768+00:00", "value": {"mitigation_remediation": ["Update the IP2Location Country Blocker plugin to version 2.38.9 or later", "Replace the old plugin with a verified version that includes proper capability checks", "If an immediate update is not possible, restrict unauthenticated access to the WordPress admin area via .htaccess or a firewall rule", "Deploy a monitoring solution that alerts on unauthorized attempts to the plugin\u2019s settings endpoint"], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed any version of the IP2Location Country Blocker plugin up to and including 2.38.8 are affected. The vulnerability is consistent across all affected releases; no specific PHP or WordPress version causes additional risk beyond the plugin\u2019s version constraint.", "description_and_impact": "The IP2Location Country Blocker plugin for WordPress contains a missing capability check in the admin_init() function, allowing unauthenticated attackers to access the plugin\u2019s settings page. This results in a Regular Information Exposure vulnerability rather than code execution. The exposed information may include configuration options and potentially sensitive data such as country block lists, which could be leveraged to facilitate further attacks or compromise site integrity. The weakness is a classic Authorization check failure, formally identified as CWE-285.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity, and the EPSS score of 8% suggests a higher likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is unauthenticated HTTP requests to the plugin\u2019s admin endpoint, as the authorization check is absent. An attacker can simply visit or probe the settings page to retrieve configuration data."}}}}, "created": "2026-04-21T00:00:13.358592+00:00", "updated": "2026-04-28T19:15:25.453390+00:00", "vendors": []}