Browse all 9 CVE security advisories affecting ip2location. AI-powered Chinese analysis, POCs, and references for each vulnerability.
IP2Location provides IP geolocation and mapping services for businesses requiring location-based intelligence. Historically, the service has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities in its web applications and APIs. The eight recorded CVEs reveal consistent weaknesses in input validation and access control mechanisms. While no major public security incidents have been documented, the pattern of vulnerabilities suggests potential risks for organizations relying on its data for security enforcement or fraud detection. Users should implement additional security layers when integrating IP2Location services into critical systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-50961 | WordPress Plugin IP2Location Country Blocker 2.26.7 Stored XSS — IP2Location Country BlockerCWE-79 | 6.4 | Medium | 2026-05-10 |
| CVE-2025-1361 | IP2Location Country Blocker <= 2.38.8 - Missing Authorization to Unauthenticated Information Exposure via admin_init Function — IP2Location Country BlockerCWE-285 | 7.5 | High | 2025-02-22 |
| CVE-2024-22294 | WordPress Download IP2Location Country Blocker Plugin <= 2.33.3 is vulnerable to Sensitive Data Exposure — IP2Location Country BlockerCWE-200 | 5.3 | Medium | 2024-01-24 |
This page lists every published CVE security advisory associated with ip2location. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.