IP2Location Redirection Security & Risk Analysis

wordpress.org/plugins/ip2location-redirection

Redirects visitors to a blog page or a predefined URL based on their country and region geolocated using IP address.

8K active installs · v1.38.1 · PHP 7.4+ · WP 4.6+ · Updated Apr 15, 2026
Tags: country-redirection, ip2location, page-redirector, redirection, website-redirect
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 28, 2025
Safety Verdict

Is IP2Location Redirection Safe to Use in 2026?

Generally Safe

Score 99/100

IP2Location Redirection has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Feb 28, 2025 · Updated 1mo ago
Risk Assessment

The 'ip2location-redirection' plugin v1.38.0 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices regarding SQL queries, utilizing prepared statements exclusively, and incorporates a substantial number of nonce and capability checks for its entry points. Furthermore, there are no known unpatched vulnerabilities, and the last reported vulnerability was in the past.

However, concerns arise from the static analysis. A significant portion of the plugin's outputs (51%) are not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not sanitized before being displayed. The taint analysis also revealed one flow with unsanitized paths, which, while not rated as critical or high severity in this instance, indicates a potential for path traversal or similar vulnerabilities if the input source is untrusted. The presence of file operations and external HTTP requests also warrants careful consideration, as these can be points of exploitation if not handled with stringent input validation and sanitization.

While the plugin has a history of a medium-severity vulnerability related to missing authorization, the fact that it is now patched is a positive sign. The overall security posture is good due to the strong SQL practices and the lack of current unpatched vulnerabilities, but the unescaped output and the identified unsanitized path flow are areas that require attention to mitigate potential risks.

Key Concerns

  • Significant portion of outputs not properly escaped
  • Flow with unsanitized paths identified
  • Medium severity vulnerability in history
Vulnerabilities
1 published

IP2Location Redirection Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-1502 · medium · 5.3 · Missing Authorization

IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export

Feb 28, 2025 · Patched in 1.33.4 (1d)
Version History

IP2Location Redirection Release Timeline

v2.35.1
v2.25.16
v2.21.2
v2.21.1
v1.38.1 (Current)
v1.38.0
v1.37.0
v1.36.1
v1.36.0
v1.35.0
v1.34.3
v1.34.2
v1.34.1
v1.34.0
v1.33.6
v1.33.5
v1.33.4
v1.33.3 (1 CVE)
v1.33.2 (1 CVE)
v1.33.1 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

IP2Location Redirection Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (9 prepared)
Unescaped Output: 20 (19 escaped)
Nonce Checks: 10
Capability Checks: 6
File Operations: 9
External Requests: 9
Bundled Libraries: 0

SQL Query Safety

100% prepared · 9 total queries

Output Escaping

49% escaped · 39 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<ip2location-redirection> (ip2location-redirection.php:0)
Attack Surface

IP2Location Redirection Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 6

  • auth · wp_ajax_ip2location_redirection_update_ip2location_database · ip2location-redirection.php:34
  • auth · wp_ajax_ip2location_redirection_validate_token · ip2location-redirection.php:35
  • auth · wp_ajax_ip2location_redirection_validate_api_key · ip2location-redirection.php:36
  • auth · wp_ajax_ip2location_redirection_submit_feedback · ip2location-redirection.php:37
  • auth · wp_ajax_ip2location_redirection_search_post · ip2location-redirection.php:38
  • auth · wp_ajax_ip2location_redirection_restore · ip2location-redirection.php:39
WordPress Hooks 11
  • action · plugins_loaded · ip2location-redirection.php:30
  • action · init · ip2location-redirection.php:31
  • action · admin_enqueue_scripts · ip2location-redirection.php:32
  • action · admin_init · ip2location-redirection.php:33
  • action · admin_notices · ip2location-redirection.php:40
  • action · wp_footer · ip2location-redirection.php:41
  • action · admin_footer_text · ip2location-redirection.php:42
  • action · ip2location_redirection_hourly_event · ip2location-redirection.php:43
  • action · ip2location_redirection_daily_event · ip2location-redirection.php:44
  • action · admin_menu · ip2location-redirection.php:77
  • action · wp_enqueue_script · ip2location-redirection.php:194

Scheduled Events 2

ip2location_redirection_hourly_event
ip2location_redirection_daily_event
Maintenance & Trust

IP2Location Redirection Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 15, 2026
PHP min version: 7.4
Downloads: 496K

Community Trust

Rating: 86/100
Number of ratings: 43
Active installs: 8K
Developer Profile

IP2Location Redirection Developer Profile

IP2Location

10 plugins · 39K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 265 days
Detection Fingerprints

How We Detect IP2Location Redirection

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ip2location-redirection/assets/css/styles.css
  • /wp-content/plugins/ip2location-redirection/assets/js/feedback.js
  • /wp-content/plugins/ip2location-redirection/assets/js/rules.js
  • /wp-content/plugins/ip2location-redirection/assets/js/jquery.tagsinput.min.js
  • /wp-content/plugins/ip2location-redirection/assets/js/jquery-ui.min.js
Script Paths
  • /assets/js/feedback.js
  • /assets/js/rules.js
  • /assets/js/jquery.tagsinput.min.js
  • /assets/js/jquery-ui.min.js
Version Parameters
  • ip2location-redirection/assets/js/rules.js?t=
  • ip2location-redirection/assets/css/styles.css

HTML / DOM Fingerprints

CSS Classes
  • iplr-chosen
  • tagsinput
  • ui-dialog
HTML Comments
  • <!-- IP2Location Redirection Plugin -->
  • <!-- END IP2Location Redirection Plugin -->
  • <!-- Start IP2Location Redirection -->
  • <!-- End IP2Location Redirection -->
Data Attributes
  • data-rule-id
  • data-target-url
  • data-country-code
  • data-rule-action
  • data-lookup-mode
  • data-redirect-url
JS Globals
  • IP2LocationRedirection
REST Endpoints
  • /wp-json/ip2location-redirection/v1/settings
  • /wp-json/ip2location-redirection/v1/rules
  • /wp-json/ip2location-redirection/v1/ip-lookup