Does Advanced Country Blocker have any unpatched vulnerabilities?

No. All known vulnerabilities in Advanced Country Blocker have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Advanced Country Blocker compatible with WordPress 6.9.4?

According to WordPress.org data, Advanced Country Blocker 2.3.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Advanced Country Blocker compatible with PHP 7.2+?

Advanced Country Blocker requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Advanced Country Blocker updated?

Advanced Country Blocker was last updated on Feb 6, 2026. Frequent updates are generally a positive security signal.

What is Advanced Country Blocker's security score?

Advanced Country Blocker has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Advanced Country Blocker Security & Risk Analysis

wordpress.org/plugins/advanced-country-blocker

An advanced security plugin that blocks website visitors by country, with additional features like blacklisting, logging blocked attempts, admin bypas …

2K active installs v2.3.2 PHP 7.2+ WP 5.0+ Updated Feb 6, 2026

blockingcountrygeolocationip-blockingsecurity

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 6, 2026

Plugin page Download

Safety Verdict

Is Advanced Country Blocker Safe to Use in 2026?

Generally Safe

Score 99/100

Advanced Country Blocker has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 6, 2026Updated 1mo ago

Risk Assessment

The advanced-country-blocker plugin exhibits a generally strong security posture with several positive indicators. The absence of unpatched vulnerabilities, a high percentage of SQL queries using prepared statements, and robust output escaping (98%) are commendable. The plugin also demonstrates good use of nonces and capability checks, with no immediately obvious unprotected entry points.

However, there are a couple of areas that warrant attention. The presence of two taint flows with unsanitized paths, despite not being classified as critical or high severity, suggests potential avenues for exploitation if input is not handled meticulously. While the number of file operations and external HTTP requests is not excessively high, these are common vectors for more complex attacks. The single medium-severity vulnerability in its history, even though patched, points to a past weakness in initialization logic, indicating that careful review of such components is necessary.

Overall, the plugin is well-maintained and adheres to many security best practices. The limited number and severity of past issues are positive. The primary area for vigilance lies in the identified unsanitized taint flows, which should be thoroughly investigated and mitigated to ensure continued security. The plugin's strengths lie in its proactive patching and good implementation of core WordPress security features.

Key Concerns

Taint flows with unsanitized paths
Past medium vulnerability (initialization)

Vulnerabilities

Advanced Country Blocker Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-1675medium · 5.3Initialization of a Resource with an Insecure Default

Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key

Feb 6, 2026 Patched in 2.3.2 (6d)

Code Analysis

Analyzed Mar 16, 2026

Advanced Country Blocker Code Analysis

Dangerous Functions

Raw SQL Queries

20 prepared

Unescaped Output

138 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

80% prepared25 total queries

Output Escaping

98% escaped141 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths

advcb_handle_geoip_download (advanced-country-blocking.php:3636)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Advanced Country Blocker Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_advcb_get_live_monitor_dataadvanced-country-blocking.php:1916

authwp_ajax_advcb_verify_captchaadvanced-country-blocking.php:2713

noprivwp_ajax_advcb_verify_captchaadvanced-country-blocking.php:2714

authwp_ajax_advcb_get_dashboard_statsadvanced-country-blocking.php:3128

WordPress Hooks 16

actioninitadvanced-country-blocking.php:309

actionadmin_noticesadvanced-country-blocking.php:320

actionwp_enqueue_scriptsadvanced-country-blocking.php:463

actionwp_enqueue_scriptsadvanced-country-blocking.php:503

actioninitadvanced-country-blocking.php:535

actionadmin_initadvanced-country-blocking.php:738

actionadvcb_cleanup_logs_eventadvanced-country-blocking.php:757

filterregistration_errorsadvanced-country-blocking.php:798

filterregistration_errorsadvanced-country-blocking.php:831

actionadmin_menuadvanced-country-blocking.php:877

actioninitadvanced-country-blocking.php:1826

actionadvcb_block_recordedadvanced-country-blocking.php:1860

actionadvcb_record_blockadvanced-country-blocking.php:1868

actionadmin_noticesadvanced-country-blocking.php:3577

actionadmin_post_advcb_geoip_downloadadvanced-country-blocking.php:3762

actionadmin_post_advcb_geoip_uploadadvanced-country-blocking.php:3877

Scheduled Events 2

advcb_cleanup_logs_event

Maintenance & Trust

Advanced Country Blocker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 6, 2026

PHP min version7.2

Downloads12K

Community Trust

Rating100/100

Number of ratings6

Active installs2K

Alternatives

Advanced Country Blocker Alternatives

WorkflowDone Geo Blocker

workflowdone-geo-blocker

100

Block website access based on visitor's geographical location. Simple and effective geo-blocking for WordPress.

40 No CVEs

Geo Blocker – Control Site Access by Region and IP

geo-blocker

100

🔐 Block or allow visitors by country. Track access attempts. View analytics. Stay in control — effortlessly.

700 No CVEs

Country Blocker and Geoblocker FREE

block-website-access-by-region-lite

100

Block visitors by country in one click. Geo blocker with VPN detection, IP blocking & country restrictions. GDPR & CCPA compliance made easy.

90 No CVEs

Anti Browser DDoS Protection

anti-browser-ddos-protection

100

Protects WordPress from DDoS with rate limiting, bot detection, blocking, Cloudflare support, logs, charts, and bot list export/import.

60 No CVEs

NoHackMe Defender

nohackme-defender

Enhance your WordPress security by blocking IPs that send too many or suspicious requests.

20 No CVEs

Developer Profile

Advanced Country Blocker Developer Profile

brstefanovic

1 plugin · 2K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect Advanced Country Blocker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/advanced-country-blocker/css/advcb-admin.css/wp-content/plugins/advanced-country-blocker/css/advcb-public.css/wp-content/plugins/advanced-country-blocker/js/advcb-admin.js/wp-content/plugins/advanced-country-blocker/js/advcb-public.js

Script Paths

/wp-content/plugins/advanced-country-blocker/js/advcb-public.js

Version Parameters

advanced-country-blocker/css/advcb-admin.css?ver=advanced-country-blocker/css/advcb-public.css?ver=advanced-country-blocker/js/advcb-admin.js?ver=advanced-country-blocker/js/advcb-public.js?ver=

HTML / DOM Fingerprints

FAQ