WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

iq-block-country

Software

iQ Block Country

Vulnerable Versions

<= 1.2.11

Fixed in version

1.2.12

CVE

CVE-2021-36873

References

CVE-2021-36873
Plugin changelog

Credits

Vlad Visse (Patchstack Red Team)

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-07-18

CVSS 3.0 score

5.5

Medium

Requires high privilege user authentication like admin.

Are your websites subject to this vulnerability?

Details

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse (Patchstack Red Team) in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.

Solution

Update the WordPress iQ Block Country plugin to the latest available version (at least 1.2.12).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Vulnerability Database

WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

iq-block-country

Software

iQ Block Country

Vulnerable Versions

<= 1.2.11

Fixed in version

1.2.12

CVE

CVE-2021-36873

References

CVE-2021-36873
Plugin changelog

Credits

Vlad Visse (Patchstack Red Team)

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-07-18

CVSS 3.0 score

5.5

Requires high privilege user authentication like admin.

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse (Patchstack Red Team) in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.

Solution

Update the WordPress iQ Block Country plugin to the latest available version (at least 1.2.12).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Solutions

Patchstack

© 2021 Patchstack

© 2021 Patchstack

Vulnerability Database

WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

iq-block-country

Software

iQ Block Country

Vulnerable Versions

<= 1.2.11

Fixed in version

1.2.12

CVE

CVE-2021-36873

References

CVE-2021-36873 Plugin changelog

Credits

Vlad Visse (Patchstack Red Team)

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-07-18

CVSS 3.0 score

5.5

Requires high privilege user authentication like admin.

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse (Patchstack Red Team) in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.

Solution

Update the WordPress iQ Block Country plugin to the latest available version (at least 1.2.12).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Solutions

Patchstack

© 2021 Patchstack

© 2021 Patchstack

CVE-2021-36873
Plugin changelog