WP-Safety

Advanced Country Blocker Security & Risk Analysis

wordpress.org/plugins/advanced-country-blocker

An advanced security plugin that blocks website visitors by country, with additional features like blacklisting, logging blocked attempts, admin bypas …

2K active installs v2.3.2 PHP 7.2+ WP 5.0+ Updated Feb 6, 2026
blockingcountrygeolocationip-blockingsecurity
99
A · Safe
CVEs total1
Unpatched0
Last CVEFeb 6, 2026
Plugin page Download
Safety Verdict

Is Advanced Country Blocker Safe to Use in 2026?

Generally Safe

Score 99/100

Advanced Country Blocker has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Feb 6, 2026Updated 3mo ago
Risk Assessment

The advanced-country-blocker plugin exhibits a generally strong security posture with several positive indicators. The absence of unpatched vulnerabilities, a high percentage of SQL queries using prepared statements, and robust output escaping (98%) are commendable. The plugin also demonstrates good use of nonces and capability checks, with no immediately obvious unprotected entry points.

However, there are a couple of areas that warrant attention. The presence of two taint flows with unsanitized paths, despite not being classified as critical or high severity, suggests potential avenues for exploitation if input is not handled meticulously. While the number of file operations and external HTTP requests is not excessively high, these are common vectors for more complex attacks. The single medium-severity vulnerability in its history, even though patched, points to a past weakness in initialization logic, indicating that careful review of such components is necessary.

Overall, the plugin is well-maintained and adheres to many security best practices. The limited number and severity of past issues are positive. The primary area for vigilance lies in the identified unsanitized taint flows, which should be thoroughly investigated and mitigated to ensure continued security. The plugin's strengths lie in its proactive patching and good implementation of core WordPress security features.

Key Concerns

  • Taint flows with unsanitized paths
  • Past medium vulnerability (initialization)
Vulnerabilities
1 published

Advanced Country Blocker Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-1675medium · 5.3Initialization of a Resource with an Insecure Default

Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key

Feb 6, 2026 Patched in 2.3.2 (6d)
Version History

Advanced Country Blocker Release Timeline

v2.3.2Current
v2.3.11 CVE
CVE-2026-1675
v2.3.01 CVE
CVE-2026-1675
v2.2.01 CVE
CVE-2026-1675
v2.1.01 CVE
CVE-2026-1675
v2.0.41 CVE
CVE-2026-1675
v2.0.31 CVE
CVE-2026-1675
v2.0.21 CVE
CVE-2026-1675
v2.0.11 CVE
CVE-2026-1675
Code Analysis
Analyzed Mar 16, 2026

Advanced Country Blocker Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
20 prepared
Unescaped Output
3
138 escaped
Nonce Checks
6
Capability Checks
8
File Operations
5
External Requests
5
Bundled Libraries
0

SQL Query Safety

80% prepared25 total queries

Output Escaping

98% escaped141 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
advcb_handle_geoip_download (advanced-country-blocking.php:3636)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Advanced Country Blocker Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_advcb_get_live_monitor_dataadvanced-country-blocking.php:1916
authwp_ajax_advcb_verify_captchaadvanced-country-blocking.php:2713
noprivwp_ajax_advcb_verify_captchaadvanced-country-blocking.php:2714
authwp_ajax_advcb_get_dashboard_statsadvanced-country-blocking.php:3128
WordPress Hooks 16
actioninitadvanced-country-blocking.php:309
actionadmin_noticesadvanced-country-blocking.php:320
actionwp_enqueue_scriptsadvanced-country-blocking.php:463
actionwp_enqueue_scriptsadvanced-country-blocking.php:503
actioninitadvanced-country-blocking.php:535
actionadmin_initadvanced-country-blocking.php:738
actionadvcb_cleanup_logs_eventadvanced-country-blocking.php:757
filterregistration_errorsadvanced-country-blocking.php:798
filterregistration_errorsadvanced-country-blocking.php:831
actionadmin_menuadvanced-country-blocking.php:877
actioninitadvanced-country-blocking.php:1826
actionadvcb_block_recordedadvanced-country-blocking.php:1860
actionadvcb_record_blockadvanced-country-blocking.php:1868
actionadmin_noticesadvanced-country-blocking.php:3577
actionadmin_post_advcb_geoip_downloadadvanced-country-blocking.php:3762
actionadmin_post_advcb_geoip_uploadadvanced-country-blocking.php:3877

Scheduled Events 2

advcb_cleanup_logs_event
advcb_cleanup_logs_event
Maintenance & Trust

Advanced Country Blocker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 6, 2026
PHP min version7.2
Downloads13K

Community Trust

Rating100/100
Number of ratings6
Active installs2K
Alternatives

Advanced Country Blocker Alternatives

WorkflowDone Geo Blocker

WorkflowDone Geo Blocker

workflowdone-geo-blocker

A
100

Block website access based on visitor's geographical location. Simple and effective geo-blocking for WordPress.

40 No CVEs
Geo Blocker – Control Site Access by Region and IP

Geo Blocker – Control Site Access by Region and IP

geo-blocker

A
92

🔐 Block or allow visitors by country. Track access attempts. View analytics. Stay in control — effortlessly.

700 No CVEs
Anti Browser DDoS Protection

Anti Browser DDoS Protection

anti-browser-ddos-protection

A
100

Protects WordPress from DDoS with rate limiting, bot detection, blocking, Cloudflare support, logs, charts, and bot list export/import.

80 No CVEs
Country Blocker and Geoblocker FREE

Country Blocker and Geoblocker FREE

block-website-access-by-region-lite

A
100

Block visitors by country in one click. Geo blocker with VPN detection, IP blocking & country restrictions. GDPR & CCPA compliance made easy.

80 No CVEs
Guardify Firewall

Guardify Firewall

guardify

A
100

Guardify is a powerful WordPress firewall plugin designed to protect your website from a wide range of threats, including brute force attacks, SQL inj &hellip;

10 No CVEs
Developer Profile

Advanced Country Blocker Developer Profile

brstefanovic

1 plugin · 2K total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
6 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Country Blocker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-country-blocker/css/advcb-admin.css/wp-content/plugins/advanced-country-blocker/css/advcb-public.css/wp-content/plugins/advanced-country-blocker/js/advcb-admin.js/wp-content/plugins/advanced-country-blocker/js/advcb-public.js
Script Paths
/wp-content/plugins/advanced-country-blocker/js/advcb-public.js
Version Parameters
advanced-country-blocker/css/advcb-admin.css?ver=advanced-country-blocker/css/advcb-public.css?ver=advanced-country-blocker/js/advcb-admin.js?ver=advanced-country-blocker/js/advcb-public.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Advanced Country Blocker