{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1502", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-20T18:22:24.762Z", "datePublished": "2025-03-01T06:39:28.059Z", "dateUpdated": "2026-04-08T17:18:46.424Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:18:46.424Z"}, "affected": [{"vendor": "ip2location", "product": "IP2Location Redirection", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.33.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'download_ip2location_redirection_backup' AJAX action in all versions up to, and including, 1.33.3. This makes it possible for unauthenticated attackers to download the plugin's settings."}], "title": "IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bca41dd8-5bd3-4fee-9f3f-feb8f1a4c687?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244195%40ip2location-redirection&new=3244195%40ip2location-redirection&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c"}], "timeline": [{"time": "2025-02-28T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-03T20:54:52.216110Z", "id": "CVE-2025-1502", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T20:57:12.075Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1502", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-03T20:54:52.216110Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T20:54:53.404Z"}}], "cna": {"title": "IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export", "credits": [{"lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "ip2location", "product": "IP2Location Redirection", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.33.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-28T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bca41dd8-5bd3-4fee-9f3f-feb8f1a4c687?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244195%40ip2location-redirection&new=3244195%40ip2location-redirection&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'download_ip2location_redirection_backup' AJAX action in all versions up to, and including, 1.33.3. This makes it possible for unauthenticated attackers to download the plugin's settings."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:18:46.424Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1502", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:18:46.424Z", "dateReserved": "2025-02-20T18:22:24.762Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-01T06:39:28.059Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'download_ip2location_redirection_backup' AJAX action in all versions up to, and including, 1.33.3. This makes it possible for unauthenticated attackers to download the plugin's settings."}, {"lang": "es", "value": "El complemento IP2Location Redirection para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la acci\u00f3n AJAX 'download_ip2location_redirection_backup' en todas las versiones hasta la 1.33.3 incluida. Esto hace posible que atacantes no autenticados descarguen la configuraci\u00f3n del complemento."}], "id": "CVE-2025-1502", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-03-01T07:15:11.183", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244195%40ip2location-redirection&new=3244195%40ip2location-redirection&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bca41dd8-5bd3-4fee-9f3f-feb8f1a4c687?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T22:10:54.297252+00:00", "value": {"mitigation_remediation": ["Upgrade the IP2Location Redirection plugin to the latest version available that is newer than 1.33.3.", "If an update cannot be applied immediately, block or remove the \"download_ip2location_redirection_backup\" AJAX action by adding a code snippet that declines requests without proper capability.", "After remediation, review other AJAX handlers in the plugin to ensure no similar authorization gaps exist and monitor logs for attempts to access exported settings."], "summary": {"action": "Immediate Patch", "impact": "Access to plugin settings can be obtained by unauthenticated users"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the IP2Location Redirection plugin versions up to and including 1.33.3 are affected. The issue is present in all releases of the plugin through 1.33.3 and affects any instance where the plugin is installed, regardless of theme or other plugins.", "description_and_impact": "The plugin fails to verify user permissions for the AJAX action that provides a backup of all settings, allowing anyone who can reach the endpoint to retrieve confidential configuration data. The weakness is a classic missing authorization flaw as described by CWE\u2011862. The impact is the disclosure of sensitive configuration that could assist in further attacks against the WordPress site.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1% shows a low probability of exploitation today; the vulnerability is not yet listed in the CISA KEV catalog. Attackers can trigger the flaw by sending an unauthenticated HTTP request to the AJAX URL for download_ip2location_redirection_backup, which returns the full backup file. Because no authentication checks occur, the data is exposed without restrictions."}}}}, "created": "2026-04-21T22:15:45.904165+00:00", "updated": "2026-04-21T22:15:45.904176+00:00", "vendors": []}