CVE-2021-25108

CVE-2021-25108: IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF

Vendor Unknown

Product IP2Location Country Blocker

Weakness CWE-352 · CSRF

Published February 7, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend.

Key dates

02Disclosure timeline

February 7, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25108

Related vulnerabilities

04Related CVE

CVE-2025-8592 Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation CVE-2025-9895 Notification Bar <= 2.2 - Cross-Site Request Forgery CVE-2025-22669 WordPress Awesome Event Booking plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-9880 Side Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-6040 Missing client_id in parisneo/lollms-webui