CVE-2025-24731

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 68.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ip2location Country Blocker Ip2location Download Ip2location Country Blocker

Timeline

PublishedJan 24

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IP2Location Download IP2Location Country Blocker ip2location-country-blocker allows Stored XSS.This issue affects Download IP2Location Country Blocker: from n/a through <= 2.38.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ip2location/download_ip2location_country_blocker2.38.3

▶NVDip2location/country_blocker< 2.38.4

🔴Vulnerability Details

CVEList

WordPress IP2Location Country Blocker plugin <= 2.38.3 - Cross Site Scripting (XSS) vulnerability↗2025-01-24

▶

GHSA

GHSA-pf3h-gh3r-gj26: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IP2Location Download IP2Location Country Blocker↗2025-01-24

▶