Cyber Resilience

CVE-2025-1361

Severity: High
Published: 22 February 2025
Modified: 06 March 2025
KEV Added: not listed
Patch: available (see Deeper analysis)
CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 0.1913 (95.5th percentile)
Risk Priority: 26 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-1361 is a high-severity Improper Authorization (CWE-285) vulnerability in the IP2Location Country Blocker plugin for WordPress. Its CVSS v3.1 base score is 7.5 (High): reachable over the network, low attack complexity, no privileges or user interaction required, with high confidentiality impact and no integrity or availability impact.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The EPSS score places it in the top 4.5% of CVEs by estimated exploit likelihood, but it is not currently listed in the CISA KEV catalog.

The mitigating controls our analysis rates most relevant are NIST SP 800-53 AC-3 (Access Enforcement) and AC-24 (Access Control Decisions).

Deeper analysis

The IP2Location Country Blocker plugin for WordPress is affected by "Regular Information Exposure" in all versions through 2.38.8. The root cause is a missing capability check in the plugin's admin_init() function: the code path that reads the plugin settings never verifies that the caller holds an administrative capability, so the settings are served to whoever reaches it. The issue is tracked as CVE-2025-1361, scored CVSS 3.1 7.5, and maps to CWE-285 (Improper Authorization) and CWE-862 (Missing Authorization).

Unauthenticated attackers can exploit the flaw over the network to retrieve the plugin's configuration. Because exploitation requires neither authentication nor user interaction, any remote party can read settings that should be visible only to administrators. The impact is limited to confidentiality (C:H/I:N/A:N); the flaw does not by itself let an attacker change the settings.

A fix has been published in the WordPress plugin repository (changeset 3244193), and the vendor page lists releases newer than 2.38.8. The Wordfence advisory documents the affected code path. Site owners should update to the current release and confirm the installed version afterwards.

The EPSS score has remained flat at 0.1913, with no material increase since disclosure.


Vulnerability details

The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings.
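The missing-check pattern that the Deeper analysis and the vulnerability details above describe, as an added example: this is illustration code, not the IP2Location Country Blocker source and not taken from the Wordfence advisory or changeset 3244193. It shows why an admin_init handler is reachable without authentication in the first place (WordPress fires admin_init on every request to wp-admin/admin-ajax.php and wp-admin/admin-post.php, logged in or not, and performs no capability check before doing so), the vulnerable handler beside its hardened form, and a small audit helper for finding other admin_init callbacks with the same weakness. The plugin header, the option name example_plugin_settings, the query parameter example_export_settings and the nonce action name are assumptions for the example.

```php
<?php
/**
 * Plugin Name: Example admin_init Authorization Demo
 * Description: Added illustration of a CWE-862 admin_init handler and its
 *              hardened form. Not the IP2Location Country Blocker code; the
 *              option, parameter and nonce names are assumptions.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Only meaningful when loaded by WordPress.
}

/**
 * VULNERABLE pattern. WordPress fires admin_init for every request to
 * admin-ajax.php and admin-post.php, authenticated or not, and checks no
 * capability before firing it. Without its own check, this handler hands the
 * stored settings to anyone who sends ?example_export_settings=1.
 */
function example_vulnerable_admin_init() {
    if ( empty( $_GET['example_export_settings'] ) ) {
        return;
    }
    $settings = get_option( 'example_plugin_settings', array() );
    wp_send_json( $settings ); // Emits JSON and exits; no caller checks at all.
}
// Deliberately left unregistered so this demo plugin is not itself exploitable:
// add_action( 'admin_init', 'example_vulnerable_admin_init' );

/**
 * HARDENED pattern. Authorization is decided inside the handler:
 *  1. deny unless the caller holds the capability that guards plugin settings
 *     (this is the check whose absence is CWE-862 Missing Authorization);
 *  2. bind the action to a nonce so an administrator cannot be CSRF'd into it.
 */
function example_hardened_admin_init() {
    if ( empty( $_GET['example_export_settings'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to export these settings.' ),
            '',
            array( 'response' => 403 )
        );
    }
    // The export link must be built with
    // wp_nonce_url( admin_url( 'admin-post.php?example_export_settings=1' ), 'example_export_settings' ).
    check_admin_referer( 'example_export_settings' );

    $settings = get_option( 'example_plugin_settings', array() );
    wp_send_json( $settings );
}
add_action( 'admin_init', 'example_hardened_admin_init' );

/**
 * Audit helper: list admin_init callbacks whose source reads request input
 * ($_GET/$_POST/$_REQUEST) but never calls current_user_can(). It inspects the
 * callback's source text, so it is a triage aid, not a proof of safety.
 * Returns an array of callback names ("func" or "Class::method").
 */
function example_audit_admin_init_handlers() {
    global $wp_filter;
    $suspects = array();
    if ( empty( $wp_filter['admin_init'] ) ) {
        return $suspects;
    }
    foreach ( $wp_filter['admin_init']->callbacks as $priority => $callbacks ) {
        foreach ( $callbacks as $cb ) {
            $fn = $cb['function'];
            if ( is_string( $fn ) && function_exists( $fn ) ) {
                $ref  = new ReflectionFunction( $fn );
                $name = $fn;
            } elseif ( is_array( $fn ) && 2 === count( $fn ) ) {
                $ref  = new ReflectionMethod( $fn[0], $fn[1] );
                $name = ( is_object( $fn[0] ) ? get_class( $fn[0] ) : $fn[0] ) . '::' . $fn[1];
            } else {
                continue; // Closures and invokables: inspect by hand.
            }
            $file = $ref->getFileName();
            if ( false === $file ) {
                continue; // Internal function, no source to read.
            }
            $lines = array_slice( file( $file ), $ref->getStartLine() - 1,
                                  $ref->getEndLine() - $ref->getStartLine() + 1 );
            $src   = implode( '', $lines );
            if ( preg_match( '/\$_(GET|POST|REQUEST)\b/', $src )
                 && ! preg_match( '/current_user_can\s*\(/', $src ) ) {
                $suspects[] = $name;
            }
        }
    }
    return $suspects;
}
```

With the demo plugin active, `wp eval 'print_r( example_audit_admin_init_handlers() );'` prints the suspicious callbacks; in the example above the vulnerable function is not registered, so only third-party handlers would appear. Note that plugins which register admin_init only inside an is_admin() branch are not protected by that branch either: is_admin() is true for admin-ajax.php requests, so such hooks are still reachable unauthenticated, but they will only show up in the audit when it is run in an admin context.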

CWE(s)

CWE-285 Improper Authorization
CWE-862 Missing Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The missing authorization check in a public-facing WordPress plugin directly enables remote, unauthenticated information disclosure through the exposed application, which is the initial-access pattern T1190 describes.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-29926 (shared CWE-285, CWE-862)
CVE-2026-45209 (shared CWE-862)
CVE-2026-25026 (shared CWE-862)
CVE-2026-42083 (shared CWE-862)
CVE-2026-0656 (shared CWE-862)
CVE-2026-24532 (shared CWE-862)
CVE-2025-13603 (shared CWE-862)
CVE-2025-69063 (shared CWE-862)
CVE-2026-32252 (shared CWE-285)
CVE-2026-3045 (shared CWE-862)

Affected Assets

IP2Location Country Blocker: ≤ 2.38.9 as recorded in this asset entry. The advisory text above gives the affected range as all versions through 2.38.8, so confirm the first fixed release against the plugin changelog before closing the finding.

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Enforces approved authorizations for access to information and resources, directly mitigating the missing capability checks that allow unauthenticated attackers to view plugin settings.

AC-6 Least Privilege (prevent)

Employs least privilege so that only authorized users holding the necessary capabilities can reach sensitive admin functions such as the admin_init handler.

AC-24 Access Control Decisions (prevent)

Requires explicit access control decisions for system resources such as plugin settings, addressing the improper authorization mapped to CWE-285 and CWE-862.
