CVE-2025-1361
Published: 22 February 2025
Summary
CVE-2025-1361 is a high-severity Improper Authorization (CWE-285) vulnerability in IP2Location Country Blocker. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 4.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-24 (Access Control Decisions).
Deeper analysis
The IP2Location Country Blocker plugin for WordPress is vulnerable to regular information exposure in all versions through 2.38.8. The root cause is missing capability checks on the admin_init() function, which allows unauthenticated access to plugin settings. The issue is tracked as CVE-2025-1361 with a CVSS 3.1 score of 7.5 and maps to CWE-285 and CWE-862.
Unauthenticated attackers can exploit the flaw over the network to retrieve the plugin's configuration data. Because the vulnerability requires no authentication or user interaction, remote adversaries can obtain sensitive settings that would otherwise be restricted to administrators.
A fix has been published in the WordPress plugin repository via changeset 3244193, and the vendor page lists updated releases beyond 2.38.8. The Wordfence advisory provides additional technical detail on the affected code path.
The EPSS score remains flat at 0.1913 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4441
Vulnerability details
The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings.
- CWE(s): CWE-285 (Improper Authorization), CWE-862 (Missing Authorization)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
Missing authorization in public-facing WordPress plugin directly enables remote unauthenticated information disclosure via exploitation of the exposed application.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved authorizations for access to information and resources, directly mitigating the missing capability checks that allow unauthenticated attackers to view plugin settings.
- AC-6 (Least Privilege): Employs least privilege to ensure only authorized users with the necessary capabilities can reach sensitive admin functions such as the admin_init handler.
- AC-24 (Access Control Decisions): Requires explicit access control decisions for system resources such as plugin settings, addressing the improper authorization mapped to CWE-285 and CWE-862.
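The root cause described under Deeper analysis (a settings path reachable from admin_init without a capability check) and the AC-3/AC-24 controls above both come down to the same WordPress coding pattern. The snippet below is an added illustration of that pattern and is not the IP2Location Country Blocker's own code; the plugin, option, query-parameter and nonce-action names prefixed example_cb_ are hypothetical, and the changeset referenced on this page is not reproduced here. It shows a hypothetical handler that exposes settings without a check beside the hardened form a reviewer would expect.

```php
<?php
/*
 * Added illustration of CWE-862 (missing capability check on admin_init)
 * and its hardened form. Not the IP2Location Country Blocker's code; the
 * example_cb_* names are hypothetical.
 *
 * Why admin_init matters: WordPress fires the admin_init action not only on
 * authenticated wp-admin screens but also on admin-ajax.php and
 * admin-post.php, which do not require a logged-in user. A handler hooked
 * there must therefore make its own authorization decision.
 */

// --- Vulnerable pattern (CWE-862) ---------------------------------------
// Any request carrying the query parameter receives the stored settings;
// no authorization decision is made at all.
function example_cb_admin_init_vulnerable() {
    if ( isset( $_GET['example_cb_export'] ) ) {
        wp_send_json( get_option( 'example_cb_settings', array() ) );
    }
}
// add_action( 'admin_init', 'example_cb_admin_init_vulnerable' );

// --- Hardened pattern (AC-3 Access Enforcement, AC-24 explicit decision) --
function example_cb_admin_init_hardened() {
    if ( ! isset( $_GET['example_cb_export'] ) ) {
        return;
    }

    // AC-3: only users holding the same capability the settings screen
    // requires may read the settings. Unauthenticated visitors have no
    // capabilities, so current_user_can() returns false for them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // AC-24: an explicit per-request decision. The nonce binds the request
    // to this action and to the current user's session, which also blocks
    // cross-site request forgery against an authenticated administrator.
    $nonce = isset( $_GET['_wpnonce'] )
        ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'example_cb_export' ) ) {
        wp_send_json_error( array( 'message' => 'invalid nonce' ), 403 );
    }

    wp_send_json_success( get_option( 'example_cb_settings', array() ) );
}
add_action( 'admin_init', 'example_cb_admin_init_hardened' );

// The link that triggers the export is generated with a matching nonce, so
// legitimate administrators are unaffected by the added checks.
function example_cb_export_url() {
    return wp_nonce_url(
        admin_url( 'admin-ajax.php?example_cb_export=1' ),
        'example_cb_export'
    );
}
```

When reviewing a plugin for this class of issue, list every callback hooked to admin_init, admin-ajax (wp_ajax_nopriv_*) and admin-post (admin_post_nopriv_*) and confirm that each one that reads or writes settings calls current_user_can() with a specific capability before doing so; a check on is_admin() alone is not sufficient, because is_admin() is true for admin-ajax.php and admin-post.php regardless of whether anyone is logged in.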