Moole Vulnerability Database

Find real vulnerabilities before they ship

Medium

CVE-2022-50961

WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page settings that execute when administrators or other authenticated users visit the plugin settings page.

VectorNETWORK

PublishedMay 10, 2026, 13:16

Published Bydisclosure@vulncheck.com

Base Score

Score6.4

Affected Versions

No affected versions found.

References

https://wordpress.org/plugins/ip2location-country-blocker/
https://www.exploit-db.com/exploits/50709
https://www.vulncheck.com/advisories/wordpress-plugin-ip2location-country-blocker-stored-xss

Weakness Type

CWE-79

CVSS Metrics

Base Score

5.1

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base SeverityMedium

Version

4.0

Attack Vector (AV)

NETWORK