CVE-2022-50961

MEDIUM

WordPress Plugin IP2Location Country Blocker 2.26.7 Stored XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50961. PoCs published by Ahmet Serkan Ari.

AI-analyzed exploit summary This is a technical writeup detailing a stored XSS vulnerability in the WordPress plugin IP2Location Country Blocker version 2.26.7. The vulnerability arises due to insufficient sanitization of user-supplied input in the 'Frontend Settings' interface, allowing authenticated users to inject arbitrary JavaScript code.

Description

WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page settings that execute when administrators or other authenticated users visit the plugin settings page.

Exploits (1)

exploitdb WRITEUP

by Ahmet Serkan Ari · textwebappsphp

https://www.exploit-db.com/exploits/50709

View Code ZIP pw:eip

This is a technical writeup detailing a stored XSS vulnerability in the WordPress plugin IP2Location Country Blocker version 2.26.7. The vulnerability arises due to insufficient sanitization of user-supplied input in the 'Frontend Settings' interface, allowing authenticated users to inject arbitrary JavaScript code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: IP2Location Country Blocker WordPress Plugin 2.26.7

Auth required

Prerequisites: Authenticated access to the WordPress admin panel · IP2Location Country Blocker plugin installed and activated

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed May 10, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-50709

https://www.exploit-db.com/exploits/50709

Product product

Product Reference

https://wordpress.org/plugins/ip2location-country-blocker/

Third Party Advisory third-party-advisory

VulnCheck Advisory: WordPress Plugin IP2Location Country Blocker 2.26.7 Stored XSS

https://www.vulncheck.com/advisories/wordpress-plugin-ip2location-country-blocker-stored-xss

Scores

CVSS v3 6.4

EPSS 0.0019

EPSS Percentile 8.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

IP2Location/IP2Location Country Blocker 2.26.7

Published May 10, 2026

Tracked Since May 10, 2026