IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend.

N/A

跨站请求伪造(CSRF)

Wordpress Plugin IP2Location Country Blocker 跨站请求伪造漏洞

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 Wordpress Plugin IP2Location Country Blocker 中存在跨站请求伪造漏洞，该漏洞源于产品的ip2location_country_blocker_save_rules链接未对用户身份做有效验证。攻击者可通过该漏洞向服务端发送非预期的请求。以下产品及版本受到影

N/A

N/A