[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSPYqy8HNWcxmZBs0gBa-MuGdCaAOqMxdQgF4bne02jQ":3,"$ff8g2UxKrn1L6vit3JWVGLw4nEi8i8bSGbRbgvYqkeKU":278,"$fzLHgO9pmcsJ92ZszxS2SUk35SA-5lXDeDC8s6aDGc1U":283},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":47,"crawl_stats":35,"alternatives":54,"analysis":158,"fingerprints":261},"block-country","Block Country","1.0","nitinmaurya12","https:\u002F\u002Fprofiles.wordpress.org\u002Fnitinmaurya12\u002F","\u003Cp>Set country and IP to block your website. You can also set IP address to unblock for any special IP Address.\u003C\u002Fp>\n","Set country and IP to block your website. You can also set IP address to unblock for any special IP Address.",70,5788,60,6,"2013-12-10T22:05:00.000Z","3.6.1","3.2","",[4,20,21],"block-ip-address","unblock-any-ip-address","http:\u002F\u002Fnitinmaurya.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-country.zip",63,1,"2025-10-13 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":26,"updated_date":41,"references":42,"days_to_patch":35,"patch_diff_files":44,"patch_trac_url":35,"research_status":35,"research_verified":45,"research_rounds_completed":46,"research_plan":35,"research_summary":35,"research_vulnerable_code":35,"research_fix_diff":35,"research_exploit_outline":35,"research_model_used":35,"research_started_at":35,"research_completed_at":35,"research_error":35,"poc_status":35,"poc_video_id":35,"poc_summary":35,"poc_steps":35,"poc_tested_at":35,"poc_wp_version":35,"poc_php_version":35,"poc_playwright_script":35,"poc_exploit_code":35,"poc_has_trace":45,"poc_model_used":35,"poc_verification_depth":35},"CVE-2025-48077","block-country-cross-site-request-forgery","Block Country \u003C= 1.0 - Cross-Site Request Forgery","The Block Country plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-10-22 20:42:17",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5f884516-85c8-4ef5-8d49-caa707433c4f?source=api-prod",[],false,0,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},5,110,84,30,83,"2026-05-19T20:31:58.890Z",[55,80,103,121,141],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":50,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":75,"download_link":76,"security_score":77,"vuln_count":78,"unpatched_count":46,"last_vuln_date":79,"fetched_at":27},"ip2location-country-blocker","IP2Location Country Blocker","2.41.2","IP2Location","https:\u002F\u002Fprofiles.wordpress.org\u002Fip2location\u002F","\u003Cp>\u003Cem>This plugin will NOT work if any cache plugin is enabled.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This plugin enables user to block unwanted traffic from accessing your frontend (blog pages) or backend (admin area) by countries or proxy servers. It helps to reduce spam and unwanted sign ups easily by preventing unwanted visitors from browsing a particular page or entire website.\u003C\u002Fp>\n\u003Cp>Key Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Allow you to block the access from multiple countries.\u003C\u002Fli>\n\u003Cli>Allow you to block the access by country grouping, such as EU, APAC, and so on.\u003C\u002Fli>\n\u003Cli>Allow you to block the access from anonymous proxies.\u003C\u002Fli>\n\u003Cli>Allow you to block the access by IP ranges.\u003C\u002Fli>\n\u003Cli>Allow you to whitelist the crawler, for example, Google, Bing, Yandex, and so on, to index your pages (SEO friendly).\u003C\u002Fli>\n\u003Cli>Supports IPv4 and IPv6\u003C\u002Fli>\n\u003Cli>Default to 403 error (Permission Denied) display\u003C\u002Fli>\n\u003Cli>Allow you to customize your own 403 page.\u003C\u002Fli>\n\u003Cli>Send you an email notification if some one is trying to access your admin area.\u003C\u002Fli>\n\u003Cli>Provide you statistical report of traffics blocked.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin supports both IP2Location BIN data and web service for IP geolocation lookup. If you would like to use the IP2Location geolocation BIN data, you can easily download and update the BIN data via the plugin settings page. Alternatively, you can also download and update the BIN data file manually using the below links:\u003C\u002Fp>\n\u003Cp>IP Geolocation file download:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Flite.ip2location.com\" title=\"IP2Location LITE database\" rel=\"nofollow ugc\">IP2Location & IP2Proxy LITE database (Free)\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fip2location.com\" title=\"IP2Location commercial database\" rel=\"nofollow ugc\">IP2Location & IP2Proxy Commercial database (Comprehensive)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>To use the IP2Location IP geolocation web service (REST API) for geolocation, you’ll need to register an account at \u003Ca href=\"https:\u002F\u002Fwww.ip2location.io\" title=\"IP2Location.io IP Geolocation API\" rel=\"nofollow ugc\">IP2Location.io IP Geolocation API\u003C\u002Fa>. A free plan is available.\u003C\u002Fp>\n\u003Ch4>More Information\u003C\u002Fh4>\n\u003Cp>Please visit us at \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\" title=\"https:\u002F\u002Fwww.ip2location.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.ip2location.com\u003C\u002Fa>\u003C\u002Fp>\n","Blocks unwanted visitors from accessing your frontend (blog pages) or backend (admin area) by countries or proxy servers.",30000,1636207,124,"2025-12-03T07:19:00.000Z","6.9.4","4.6","7.4",[4,71,72,73,74],"block-proxy","ip-address","ip2location","redirection","https:\u002F\u002Fip2location.com\u002Fresources\u002Fwordpress-ip2location-country-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip2location-country-blocker.2.41.2.zip",93,9,"2025-02-21 19:56:54",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":67,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":100,"download_link":101,"security_score":102,"vuln_count":46,"unpatched_count":46,"last_vuln_date":35,"fetched_at":27},"login-ip-country-restriction","Login IP & Country Restriction","6.8.1","Iulia Cazan","https:\u002F\u002Fprofiles.wordpress.org\u002Fiulia-cazan\u002F","\u003Cp>This plugin hooks in the authenticate filter. By default, the plugin is set to allow all access and you can configure the plugin to allow the login only from some specified IPs or the specified countries. PLEASE MAKE SURE THAT YOU CONFIGURE THE PLUGIN TO ALLOW YOUR OWN ACCESS. If you set a restriction by IP, then you have to add your own IP (if you are using the plugin in a local setup the IP is 127.0.0.1 or ::1, this is added in your list by default). If you set a restriction by country, then you have to select from the list of countries at least your country. Both types of restrictions work independent, so you can set only one type of restriction or both if you want. Also, you can configure the redirects to frontpage when the URLs are accessed by someone that has a restriction. The restriction is either by country, or not in the specified IPs list.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","Tighten your website security and fight against dictionary bot attacks originating from other countries, by denying access.",7000,113472,92,51,"2025-11-22T14:06:00.000Z","5.1","7.2",[4,96,97,98,99],"block-ip","country-firewall","country-restriction","login-restriction","https:\u002F\u002Fiuliacazan.ro\u002Flogin-ip-country-restriction\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-ip-country-restriction.6.8.1.zip",100,{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":102,"num_ratings":113,"last_updated":114,"tested_up_to":67,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":18,"download_link":120,"security_score":102,"vuln_count":46,"unpatched_count":46,"last_vuln_date":35,"fetched_at":27},"country-access-blocker","Country Access Blocker","1.6","Valeri Kluger","https:\u002F\u002Fprofiles.wordpress.org\u002Fvalerikluger\u002F","\u003Cp>Country Access Blocker lets you restrict or allow access to your WordPress site based on visitor countries.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Block visitors from specific countries\u003Cbr \u002F>\n* Clean, GDPR-compliant country list\u003Cbr \u002F>\n* Easy admin interface to configure blocked countries\u003Cbr \u002F>\n* Enable or disable IP-based country blocking with one checkbox\u003Cbr \u002F>\n* No external dependencies or WooCommerce required\u003Cbr \u002F>\n* Uses ip-api.com free API for geolocation\u003C\u002Fp>\n\u003Cp>This plugin is ideal if you want to restrict access from certain countries or comply with geo-based regulations.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support or bug reports, please open an issue on the plugin’s GitHub repository or contact the author.\u003C\u002Fp>\n","Block or allow website visitors from specific countries based on IP geolocation.",600,2056,2,"2026-01-24T22:53:00.000Z","5.0",[4,96,117,118,119],"country-blocker","geo-blocking","ip-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcountry-access-blocker.1.6.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":46,"num_ratings":46,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":138,"download_link":139,"security_score":140,"vuln_count":46,"unpatched_count":46,"last_vuln_date":35,"fetched_at":27},"restrict-country-access","Restrict Country Access","1.1.0","Bili Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fbiliplugins\u002F","\u003Cp>Sometimes we need to block access of WordPress site in some Country.\u003C\u002Fp>\n\u003Cp>This plugin will fulfill the requirement of Restricting WordPress site in selected Country.\u003C\u002Fp>\n\u003Ch3>How to use?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to “Block Country” tab in backend.\u003C\u002Fli>\n\u003Cli>Select Country which you want to restrict. ( You can select Multiple countries as well )\u003C\u002Fli>\n\u003Cli>Select Page where you want to redirect Restricted Country.\u003C\u002Fli>\n\u003C\u002Ful>\n","Sometimes we need to block access of WordPress site in some Country.",40,4268,"2023-01-10T07:43:00.000Z","6.1.10","4.0","5.6",[136,4,137],"biliplugins","blockcountry","https:\u002F\u002Fbhargavb.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrict-country-access.1.1.0.zip",85,{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":51,"downloaded":149,"rating":46,"num_ratings":46,"last_updated":150,"tested_up_to":67,"requires_at_least":151,"requires_php":94,"tags":152,"homepage":156,"download_link":157,"security_score":102,"vuln_count":46,"unpatched_count":46,"last_vuln_date":35,"fetched_at":27},"block-ip-address-for-woocommerce","Block IP Address for WooCommerce","1.0.4","wpcraftnet","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpcraftnet\u002F","\u003Cp>\u003Cstrong>Block IP Address for WooCommerce\u003C\u002Fstrong> is a powerful, lightweight, and easy-to-use plugin that allows you to \u003Cstrong>block IP addresses in WooCommerce\u003C\u002Fstrong> and protect your online store from spam, bots, and unwanted visitors.\u003C\u002Fp>\n\u003Cp>With this plugin, you can \u003Cstrong>restrict access to your WooCommerce shop, homepage, or specific product categories\u003C\u002Fstrong> using simple IP-based rules. When a visitor’s IP address matches a blocked entry, they are automatically redirected to a page of your choice.\u003C\u002Fp>\n\u003Cp>This plugin is ideal for store owners who want to \u003Cstrong>block IP address in WooCommerce,\u003C\u002Fstrong> control user access, and improve website security without any complex configuration.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Block IP Addresses?\u003C\u002Fstrong>\u003Cbr \u002F>\n– Easily block IP address in WooCommerce\u003Cbr \u002F>\n– Prevent spam, bots, and malicious traffic\u003Cbr \u002F>\n– Improve store security with IP-based restrictions\u003Cbr \u002F>\n– Control who can access your shop or categories\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Easily add & manage blocked IP addresses.\u003Cbr \u002F>\n– Define \u003Cstrong>block duration\u003C\u002Fstrong> using start and end dates.\u003Cbr \u002F>\n– Redirect blocked \u003Cstrong>IPs to Shop Page.\u003C\u002Fstrong>\u003Cbr \u002F>\n– Redirect blocked \u003Cstrong>IPs to Home Page.\u003C\u002Fstrong>\u003Cbr \u002F>\n– Redirect blocked \u003Cstrong>IPs to Specific Category.\u003C\u002Fstrong>\u003Cbr \u002F>\n– Lightweight and simple to configure.\u003Cbr \u002F>\n– No coding required.\u003Cbr \u002F>\n– Compatible with the latest WooCommerce and WordPress versions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why This Plugin Stands Out\u003C\u002Fstrong>\u003Cbr \u002F>\nUnlike complex security plugins, \u003Cstrong>Block IP Address for WooCommerce\u003C\u002Fstrong> focuses only on what you need — simple, fast, and effective IP blocking with flexible control.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Perfect For\u003C\u002Fstrong>\u003Cbr \u002F>\n– Store owners who want to \u003Cstrong>block IP address in WooCommerce.\u003C\u002Fstrong>\u003Cbr \u002F>\n– Preventing fake traffic and spam users\u003Cbr \u002F>\n– Restricting access to specific users or regions\u003Cbr \u002F>\n– Temporarily blocking suspicious visitors\u003C\u002Fp>\n\u003Ch3>Contacts\u003C\u002Fh3>\n\u003Cp>If you need assistance, please visit our website at \u003Ca href=\"https:\u002F\u002Fwpcraft.net\" rel=\"nofollow ugc\">wpcraft.net\u003C\u002Fa> or contact our support team at \u003Ca href=\"info@wpcraft.net\" rel=\"nofollow ugc\">info@wpcraft.net\u003C\u002Fa>.\u003C\u002Fp>\n","Block IP Address for WooCommerce – Easily block IP address from accessing your WooCommerce shop, homepage, or specific product categories and redirect …",674,"2026-04-05T03:30:00.000Z","5.5",[20,153,119,154,155],"ip-ban","ip-restriction","woocommerce-security","https:\u002F\u002Fwpcraft.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-ip-address-for-woocommerce.1.0.4.zip",{"attackSurface":159,"codeSignals":175,"taintFlows":198,"riskAssessment":244,"analyzedAt":260},{"hooks":160,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":46,"unprotectedCount":46},[161,167],{"type":162,"name":163,"callback":164,"file":165,"line":166},"action","admin_menu","block_country_menu","block-country.php",292,{"type":162,"name":168,"callback":169,"file":165,"line":170},"wp_head","block_some",430,[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":180,"fileOperations":25,"externalRequests":46,"nonceChecks":46,"capabilityChecks":46,"bundledLibraries":197},[],{"prepared":178,"raw":46,"locations":179},3,[],{"escaped":46,"rawEcho":181,"locations":182},7,[183,186,189,190,191,193,195],{"file":165,"line":184,"context":185},421,"raw output",{"file":187,"line":188,"context":185},"form.php",31,{"file":187,"line":188,"context":185},{"file":187,"line":188,"context":185},{"file":187,"line":192,"context":185},45,{"file":187,"line":194,"context":185},57,{"file":187,"line":196,"context":185},68,[],[199,216,234],{"entryPoint":200,"graph":201,"unsanitizedCount":25,"severity":37},"getLocationInfoByIp (block-country.php:373)",{"nodes":202,"edges":214},[203,208],{"id":204,"type":205,"label":206,"file":165,"line":207},"n0","source","$_SERVER",376,{"id":209,"type":210,"label":211,"file":165,"line":212,"wp_function":213},"n1","sink","file_get_contents() [SSRF\u002FLFI]",385,"file_get_contents",[215],{"from":204,"to":209,"sanitized":45},{"entryPoint":217,"graph":218,"unsanitizedCount":48,"severity":37},"\u003Cblock-country> (block-country.php:0)",{"nodes":219,"edges":231},[220,223,227,229],{"id":204,"type":205,"label":221,"file":165,"line":222},"$_REQUEST (x4)",321,{"id":209,"type":210,"label":224,"file":165,"line":225,"wp_function":226},"update_option() [Settings Manipulation]",334,"update_option",{"id":228,"type":205,"label":206,"file":165,"line":207},"n2",{"id":230,"type":210,"label":211,"file":165,"line":212,"wp_function":213},"n3",[232,233],{"from":204,"to":209,"sanitized":45},{"from":228,"to":230,"sanitized":45},{"entryPoint":235,"graph":236,"unsanitizedCount":242,"severity":243},"block_country_post (block-country.php:318)",{"nodes":237,"edges":240},[238,239],{"id":204,"type":205,"label":221,"file":165,"line":222},{"id":209,"type":210,"label":224,"file":165,"line":225,"wp_function":226},[241],{"from":204,"to":209,"sanitized":45},4,"low",{"summary":245,"deductions":246},"The 'block-country' plugin v1.0 exhibits a mixed security posture.  On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and making no external HTTP requests. Furthermore, the static analysis reveals no dangerous functions, zero shortcodes, cron events, or obvious attack surface in terms of AJAX handlers or REST API routes. This suggests a conscious effort to avoid common entry points for attacks.\n\nHowever, significant concerns arise from the output escaping and taint analysis.  A concerning 0% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data, if processed by the plugin, could be rendered unsafely in the browser.  The taint analysis reveals three flows with unsanitized paths, all of which, while not classified as critical or high severity in this scan, represent potential vectors for data manipulation or unauthorized actions if an attacker can inject malicious input.\n\nThe vulnerability history also presents a substantial risk.  The presence of one currently unpatched medium-severity CVE, identified as Cross-Site Request Forgery (CSRF), is a direct indicator of a known, exploitable flaw.  The pattern of past vulnerabilities, though not detailed here, coupled with the unpatched CVE, suggests a recurring need for diligent security patching and code review within this plugin. While the plugin avoids many common pitfalls, the unaddressed CVE and lack of output sanitization are critical weaknesses that demand immediate attention.",[247,250,253,255,258],{"reason":248,"points":249},"Currently unpatched medium CVE",18,{"reason":251,"points":252},"0% of output properly escaped",20,{"reason":254,"points":14},"3 unsanitized paths found in taint analysis",{"reason":256,"points":257},"Missing nonce checks",10,{"reason":259,"points":257},"Missing capability checks","2026-03-16T21:35:01.090Z",{"wat":262,"direct":271},{"assetPaths":263,"generatorPatterns":266,"scriptPaths":267,"versionParams":268},[264,265],"\u002Fwp-content\u002Fplugins\u002Fblock-country\u002Fblock-country.css","\u002Fwp-content\u002Fplugins\u002Fblock-country\u002Fjs\u002Fblock-country.js",[],[],[269,270],"block-country\u002Fstyle.css?ver=","block-country.js?ver=",{"cssClasses":272,"htmlComments":273,"htmlAttributes":274,"restEndpoints":275,"jsGlobals":276,"shortcodeOutput":277},[],[],[],[],[],[],{"error":279,"url":280,"statusCode":281,"statusMessage":282,"message":282},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fblock-country\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":46,"versions":284},[]]