Medium severity5.3NVD Advisory· Published Mar 1, 2025· Updated Jun 17, 2026
CVE-2025-1502
CVE-2025-1502
Description
The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'download_ip2location_redirection_backup' AJAX action in all versions up to, and including, 1.33.3. This makes it possible for unauthenticated attackers to download the plugin's settings.
Affected products
2<=1.33.3+ 1 more
- (no CPE)range: <=1.33.3
- (no CPE)range: <=1.33.3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.