EIP-2026-113840

This is a technical writeup detailing a stored XSS vulnerability in the WordPress plugin IP2Location Country Blocker version 2.26.7. The vulnerability arises from insufficient sanitization of user-supplied input in the 'Frontend Settings' interface, allowing authenticated users to inject arbitrary JavaScript code.