CVE-2024-32443

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 61.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ip2location Country Blocker Ip2location Download Ip2location Country Blocker

Timeline

PublishedApr 15

Description

Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Download IP2Location Country Blocker.This issue affects Download IP2Location Country Blocker: from n/a through 2.34.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ip2location/download_ip2location_country_blockern/a — 2.34.2

▶NVDip2location/country_blocker< 2.34.3

🔴Vulnerability Details

CVEList

WordPress IP2Location Country Blocker plugin <= 2.34.2 - Cross Site Request Forgery (CSRF) vulnerability↗2024-04-15

▶

GHSA

GHSA-h8rh-j63f-hx2c: Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Download IP2Location Country Blocker↗2024-04-15

▶