[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOB8h9fK9xuXTf-z78WzZt68gr3TxN3R7kwviCer6mAg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":47,"crawl_stats":37,"alternatives":51,"analysis":152,"fingerprints":340},"user-location-and-ip","User Location and IP","2.0","Sunny Bundel","https:\u002F\u002Fprofiles.wordpress.org\u002Fsunnybundel\u002F","\u003Cp>“User Location and IP” plugin is one of the best free WordPress plugins that let you know all the information about your visitors in real-time, including their IP address, ISP details, location, operating system, browser, city, and many other details, all of which can be displayed via shortcodes on your website posts, pages, and widget.\u003C\u002Fp>\n\u003Cp>In order to use this plugin, you just need to copy one of the appropriate shortcodes from the list below. You can paste it into the location where you want the details to appear. This can be in the sidebar, the header, the footer, or even in the middle of the content.\u003C\u002Fp>\n\u003Cp>“User Location and IP” plugin uses the \u003Ca href=\"http:\u002F\u002Fip-api.com\" title=\"IP-API\" rel=\"friend nofollow ugc\">IP-API\u003C\u002Fa> website to fetch users details based on their IP address.\u003C\u002Fp>\n\u003Cp>Here’s the list of various shortcodes provided by the “User Location and IP” plugin:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[useriploc type=\"ip\"]\n[useriploc type=\"continent\"]\n[useriploc type=\"country\"]\n[useriploc type=\"countrycode\"]\n[useriploc type=\"region\"]\n[useriploc type=\"regionname\"]\n[useriploc type=\"city\"]\n[useriploc type=\"lat\"]\n[useriploc type=\"lon\"]\n[useriploc type=\"timezone\"]\n[useriploc type=\"currency\"]\n[useriploc type=\"isp\"]\n[useriploc type=\"browser\"]\n[useriploc type=\"os\"]\n[useriploc type=\"flag\" height=\"auto\" width=\"50px\" vertical_align=\"baseline\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>As for the Flag shortcode, the height, width, and vertical_align attributes are optional. The default values for height and weight are auto and 50px, respectively. For the vertical_align attribute, baseline is the default value. You can, however, change the vertical_align attribute value to bottom, middle, or top based on the location where you want the flag to appear. Depending on your preference, you can pass one or both of these values to alter the flag’s size.\u003C\u002Fp>\n\u003Ch4>Features of User IP and Location\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Setup is quick and easy.\u003C\u002Fli>\n\u003Cli>Installation is minimal and does not increase the load on the website.\u003C\u002Fli>\n\u003Cli>“User Location and IP” provides live and accurate data that is up-to-date.\u003C\u002Fli>\n\u003Cli>Allows you to display user IP address and location, operating system, browser details, etc anywhere on your website using shortcodes.\u003C\u002Fli>\n\u003Cli>Support for flags and currency shortcodes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you are looking for a plugin that can display visitors’ real-time information anywhere on your blog, then User Location and IP can help you. The plugin is free and doesn’t require any registration.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>I am pleased to announce the release of this plugin which was created by \u003Ca href=\"https:\u002F\u002Fsunnybundel.com\u002F\" title=\"Sunny Bundel\" rel=\"friend nofollow ugc\">Sunny Bundel\u003C\u002Fa> with the help of the team at \u003Ca href=\"https:\u002F\u002Fwptalky.com\u002F\" title=\"WP Talky\" rel=\"friend nofollow ugc\"> WP Talky\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmytechtalky.com\u002F\" title=\"MyTechTalky\" rel=\"friend nofollow ugc\"> MyTechTalky\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>There are also tutorials available on MyTechTalky about WordPress, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmytechtalky.com\u002Fstart-a-blog\u002F\" title=\"How to Start a Blog Using WordPress\" rel=\"friend nofollow ugc\">How to Start a Blog Using WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>…and many more \u003Ca href=\"https:\u002F\u002Fmytechtalky.com\u002Fwordpress\u002F\" title=\"WordPress Tutorial\" rel=\"friend nofollow ugc\">WordPress tutorials\u003C\u002Fa>.\u003C\u002Fp>\n","User Location and IP is a free shortcode based Wordpress plugin that displays real-time information about your users, including their IP address, loca &hellip;",400,9008,100,2,"2025-08-29T11:25:00.000Z","6.8.5","5.4","7.2",[20,21,22,23,24],"city","ip-address","region","user-country","user-location","https:\u002F\u002Fmytechtalky.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-location-and-ip.zip",1,0,"2023-10-03 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2023-31217","user-location-and-ip-authenticated-contributor-stored-cross-site-scripting","User Location and IP \u003C= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting","The User Location and IP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.7","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-10-08 16:58:54",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7e501592-4411-4c0a-aa67-e2d0a29d5d35?source=api-prod",737,{"slug":48,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":46,"trust_score":49,"computed_at":50},"sunnybundel",79,"2026-04-04T15:37:38.245Z",[52,73,93,112,131],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":16,"requires_at_least":65,"requires_php":18,"tags":66,"homepage":70,"download_link":71,"security_score":13,"vuln_count":27,"unpatched_count":28,"last_vuln_date":72,"fetched_at":30},"user-ip-and-location","User IP and Location","4.0.2","Sunny Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Ftheguidex\u002F","\u003Cp>Looking to display your website visitor’s IP address, location, browser details, and other information on your WordPress site? Then “User IP and Location” plugin is exactly what you need!\u003C\u002Fp>\n\u003Cp>This plugin is very simple to set up and use. Just install it, and you can start showing visitor information anywhere on your website using easy shortcodes. You can put these shortcodes in your posts, pages, sidebar, footer – anywhere you want!\u003C\u002Fp>\n\u003Cp>The best part? We use the reliable and free \u003Ca href=\"http:\u002F\u002Fip-api.com\" title=\"IP-API\" rel=\"friend nofollow ugc\">IP-API\u003C\u002Fa> service to get all the location data, so the information is always accurate and up-to-date.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New in Version 4.x.x – Works with Caching Plugins!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Are you using WP-Rocket, W3 Total Cache, or any other caching plugin? No problem at all! We’ve completely rebuilt the plugin to work perfectly with all caching plugins. Your visitors will always see their own correct information, not some cached data from another visitor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multi-Language Support\u003C\u002Fstrong> – Get location names in 8 different languages (English, German, Spanish, Portuguese, French, Japanese, Chinese, Russian)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PRO API Key Support\u003C\u002Fstrong> – Use your premium IP-API key for higher limits and HTTPS security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Caching System\u003C\u002Fstrong> – Built-in server-side caching with customizable expiration times (1 hour to 1 week)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Conditional Content\u003C\u002Fstrong> – Show different content to visitors from specific countries, regions, or cities\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools\u003C\u002Fstrong> – PHP functions and REST API endpoints for custom development\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Output\u003C\u002Fstrong> – Change “Yes\u002FNo” text to any language or format you prefer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here are all the shortcodes you can use:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[userip_location type=\"ip\"] - Shows visitor's IP address\n[userip_location type=\"continent\"] - Shows continent name\n[userip_location type=\"country\"] - Shows country name\n[userip_location type=\"countrycode\"] - Shows country code (like IN, US, UK)\n[userip_location type=\"region\"] - Shows region code\n[userip_location type=\"regionname\"] - Shows region\u002Fstate name\n[userip_location type=\"city\"] - Shows city name\n[userip_location type=\"zip\"] - **NEW!** Shows ZIP\u002Fpostal code\n[userip_location type=\"lat\"] - Shows latitude\n[userip_location type=\"lon\"] - Shows longitude\n[userip_location type=\"timezone\"] - Shows timezone\n[userip_location type=\"currency\"] - Shows local currency\n[userip_location type=\"isp\"] - Shows internet provider name\n[userip_location type=\"mobile\"] - Shows if visitor is on mobile network\n[userip_location type=\"proxy\"] - Shows if visitor is using proxy\n[userip_location type=\"hosting\"] - Shows if IP is from hosting provider\n[userip_location type=\"browser\"] - Shows browser name\n[userip_location type=\"os\"] - Shows operating system\n[userip_location type=\"flag\" height=\"auto\" width=\"50px\" vertical_align=\"middle\"] - Shows country flag\n[userip_localtime] - **NEW!** Shows visitor's current local time\n[userip_localdate] - **NEW!** Shows visitor's current local date\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Smart Conditional Content:\u003C\u002Fstrong>\u003Cbr \u002F>\nShow different content to visitors from different places! Perfect for targeted marketing, regional offers, or localized messages.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[userip_conditional country=\"US,IN\"]Content for US and India visitors only[\u002Fuserip_conditional]\n[userip_conditional country_not=\"CN,RU\"]Content for everyone except China and Russia[\u002Fuserip_conditional]\n[userip_conditional region=\"CA,TX\"]Special offers for California and Texas![\u002Fuserip_conditional]\n[userip_conditional city=\"Mumbai,Delhi\"]Mumbai and Delhi exclusive deals[\u002Fuserip_conditional]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>About the Flag Shortcode:\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen using the flag shortcode, you can control its size and position. The \u003Ccode>height\u003C\u002Fcode>, \u003Ccode>width\u003C\u002Fcode>, and \u003Ccode>vertical_align\u003C\u002Fcode> options are all optional. By default, height is auto, width is 50px, and it aligns in the middle. You can change these as per your needs.\u003C\u002Fp>\n\u003Ch4>Why Choose User IP and Location Plugin?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Super Easy Setup\u003C\u002Fstrong> – Just install and activate, that’s it!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works with All Caching Plugins\u003C\u002Fstrong> – WP-Rocket, W3 Total Cache, you name it!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fast Loading\u003C\u002Fstrong> – Uses modern AJAX technology so it doesn’t slow down your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lots of Information\u003C\u002Fstrong> – IP, country, city, flag, browser, OS, ISP, and much more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-Language Support\u003C\u002Fstrong> – Location names in 8 different languages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PRO API Support\u003C\u002Fstrong> – Use premium IP-API keys for higher limits and HTTPS\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Caching\u003C\u002Fstrong> – Server-side caching with customizable expiration (1 hour to 1 week)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New Features\u003C\u002Fstrong> – ZIP code and local time shortcodes added\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Content\u003C\u002Fstrong> – Show different content to visitors from different countries, regions, or cities\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Always Updated\u003C\u002Fstrong> – Uses reliable IP-API service for accurate data\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong> – Includes PHP functions and REST API for custom development\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable\u003C\u002Fstrong> – Change output text, caching settings, and more from admin panel\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for bloggers, businesses, and developers who want to personalize their website based on visitor location!\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This awesome plugin is created by the talented team at \u003Ca href=\"https:\u002F\u002Fheyserp.com\" title=\"HeySERP\" rel=\"friend nofollow ugc\"> HeySERP \u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Want to learn more about WordPress? Check out our website \u003Ca href=\"https:\u002F\u002Ftheguidex.com\u002F\" title=\"TheGuideX\" rel=\"friend nofollow ugc\"> TheGuideX \u003C\u002Fa> where we share helpful tutorials on:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthewpx.com\u002Fget-ip-address-and-location-in-wordpress\u002F\" title=\"How to Get the IP Address and Location of Users in WordPress\" rel=\"friend nofollow ugc\">How to Get User IP and Location in WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftheguidex.com\u002Fcommon-wordpress-errors\u002F\" title=\"Common WordPress Errors & Solutions\" rel=\"friend nofollow ugc\">Common WordPress Errors & How to Fix Them\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftheguidex.com\u002Fgoogle-adsense-plugins-for-wordpress\u002F\" title=\"Best WordPress Ads Manager Plugins\" rel=\"friend nofollow ugc\">Best WordPress Ad Management Plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>…and many more helpful \u003Ca href=\"https:\u002F\u002Ftheguidex.com\u002Fcategory\u002Fwordpress\u002F\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">WordPress tutorials\u003C\u002Fa> in simple language!\u003C\u002Fp>\n","Want to show your website visitors their IP address, location, and other cool details? This plugin makes it super easy! Now works perfectly with cachi &hellip;",3000,37818,84,9,"2025-07-15T07:41:00.000Z","5.0",[67,68,22,69,24],"country-code","geolocation","user-ip-address","https:\u002F\u002Ftheguidex.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-ip-and-location.zip","2023-04-28 00:00:00",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":16,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":91,"download_link":92,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"show-visitor-ip","Show Visitor IP","5.2","Vikas Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevikas301\u002F","\u003Cp>This plugin simply display Visitor IP Address & visitor location info using by visitor IP on post or page, anywhere using shortcode.\u003C\u002Fp>\n\u003Cp>Very simple to install, simple to use, light weight.\u003C\u002Fp>\n","Show Visitor IP - Simply display visitor IP Address & visitor another location info using by IP on post or page, anywhere using shortcode.",300,9108,76,6,"2025-11-20T18:02:00.000Z","3.0","",[67,21,89,90,22],"lat","long","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshow-visitor-ip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-visitor-ip.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":13,"downloaded":101,"rating":28,"num_ratings":28,"last_updated":102,"tested_up_to":103,"requires_at_least":65,"requires_php":87,"tags":104,"homepage":109,"download_link":110,"security_score":111,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"add-region-by-country-for-woocommerce","Add Region by Country for WooCommerce","1.0.4","C-Metric","https:\u002F\u002Fprofiles.wordpress.org\u002Frupeshjorkar\u002F","\u003Cp>The “Add Region by Country for WooCommerce” plugin allows you to easily add and manage custom regions for specific countries within your WooCommerce store. After activation, navigate to the WooCommerce menu to configure regions through a straightforward interface. Custom regions will then be displayed on the checkout page, enhancing the shopping experience by accommodating regional variations.\u003C\u002Fp>\n\u003Cp>Features of the plugin include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Provide solution for add new region from any allowed country on WooCommerce. * \u003C\u002Fli>\n\u003Cli>Simple-configuration – just install,setup and enjoy.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add Region by Country WooCommerce Add-on plug-in.",2605,"2024-09-09T07:08:00.000Z","6.6.5",[105,106,20,107,108],"add-custom-region","add-region-by-country","shipping-zones","woocommerce","https:\u002F\u002Fwww.c-metric.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-region-by-country-for-woocommerce.1.0.4.zip",92,{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":13,"downloaded":120,"rating":28,"num_ratings":28,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":87,"tags":124,"homepage":128,"download_link":129,"security_score":130,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"region-city-landing-pages-builder","Region City Landing Pages Builder","1.0.0","sukanyasoftwares","https:\u002F\u002Fprofiles.wordpress.org\u002Fsukanyasoftwares\u002F","\u003Cp>This plugin builds Multiple WordPress Pages with the provided city name in the title and body. Allows for parent pages, page template, page titles and contents. The total number of pages created will be the number of lines entered with the combination of city and state in city name, state format.\u003C\u002Fp>\n\u003Cp>Easily build multiple city pages at once geo-targeted landing pages for your services. Creating multiple of pages for different cities can be very time consuming process. Here at sukanyasoftwares we have tried to simplify this process by creating a plugin what generates multiple pages with similar contents but different titles and city names depending on the use of the shortcode. This shortcode will automatically add in the city name for each auto-generated page.\u003C\u002Fp>\n\u003Cp>By the use of simple form, in this plugin can build multiple pages quickly and easily. In fact, you can use it for more than just cities. Say you want to create pages about various types of sports quickly, simple input a list of sports and your base copy, and you’re ready to go! You can set these new pages to draft or published, but we recommend customizing each page to give a unique experience.\u003C\u002Fp>\n\u003Ch4>SEO Tips\u003C\u002Fh4>\n\u003Cp>We recommend creating city-targeted pages in bulk, then customizing the content for each page. Ideally, more than half of the content on a city landing page should be unique to that page and over 500 words in length.\u003C\u002Fp>\n\u003Cp>When the plugin creates a page, it will add a Custom Field for the city name. You can use Page Templates to automate the customization process by adding Google Maps, Weather and other localization to a page.\u003C\u002Fp>\n\u003Cp>Be sure to include an Opt-In form to capture user information.\u003C\u002Fp>\n\u003Ch4>About Sukanyasoftwares\u003C\u002Fh4>\n\u003Cp>Sukanya Softwares a group venture promoted by qualified technocrats and team of developers providing service to the clients worldwide since last 5+ years.We create Mobile Optimized WordPress Websites, write content for SEO and Social media.\u003Cbr \u002F>\nWe also worked on custom post types, child themes,shortcodes and plugins creation and customization.Payment Gateway API integration.Wordpress theme customization.A group of dedicated professionals having distinct experience and long association with the industry.\u003C\u002Fp>\n\u003Cp>For questions about services or support for this plugin, please visit our website at: [link] (http:\u002F\u002Fsukanyasoftwares.com).\u003C\u002Fp>\n","Build Multiple Geographically Targeted Landing Pages Quickly Using Generic Text & Automatically Inserted City Names.",3342,"2021-03-11T10:36:00.000Z","5.7.15","3.0.1",[20,125,126,22,127],"landing-pages","multiple","states","http:\u002F\u002Fsukanyasoftwares.com\u002Fshop\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fregion-city-landing-pages-builder.zip",85,{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":13,"num_ratings":27,"last_updated":141,"tested_up_to":142,"requires_at_least":143,"requires_php":87,"tags":144,"homepage":150,"download_link":151,"security_score":130,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"ipgp-user-country-flag","Ipgp User Country Flag","1.2","Lucian Apostol","https:\u002F\u002Fprofiles.wordpress.org\u002Fthedark\u002F","\u003Cp>The plugin will show your visitors their country flag, based on their IP Address. You can add it as a widget to your sidebar, using a shortcode in your post or pages or directly in your template trough template tags.\u003C\u002Fp>\n\u003Cp>The geolocation is provided by http:\u002F\u002Fwww.ipgp.net\u003C\u002Fp>\n\u003Cp>You can use [ipflag] shortcode, add it trough a widget, or directly into template with \u003C?php echo ipgp_flag(); ?>\u003C\u002Fp>\n","This plugin will allow you to show a flag of your visitors country. When a user goes to your website he will see a flag of its own country, based on t &hellip;",30,8252,"2023-02-03T21:58:00.000Z","6.1.10","2.0.2",[145,146,147,148,149],"country-flag","flag","ip-address-lookup","user-country-flag","widget","http:\u002F\u002Fwww.ipgp.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fipgp-user-country-flag.1.2.zip",{"attackSurface":153,"codeSignals":177,"taintFlows":186,"riskAssessment":329,"analyzedAt":339},{"hooks":154,"ajaxHandlers":169,"restRoutes":170,"shortcodes":171,"cronEvents":176,"entryPointCount":27,"unprotectedCount":28},[155,160,165],{"type":156,"name":157,"callback":158,"file":159,"line":63},"action","admin_menu","user_location_and_ip_menu","admin\\user-ip-menu.php",{"type":156,"name":161,"callback":162,"file":163,"line":164},"plugins_loaded","user_location_and_ip_load","user-location-and-ip.php",35,{"type":156,"name":166,"callback":167,"file":163,"line":168},"admin_notices","user_location_and_ip_activation_notice",47,[],[],[172],{"tag":173,"callback":174,"file":175,"line":62},"useriploc","user_location_and_ip","inc\\user-ip-functions.php",[],{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":181,"fileOperations":28,"externalRequests":184,"nonceChecks":28,"capabilityChecks":27,"bundledLibraries":185},[],{"prepared":28,"raw":28,"locations":180},[],{"escaped":182,"rawEcho":28,"locations":183},5,[],11,[],[187],{"entryPoint":188,"graph":189,"unsanitizedCount":328,"severity":39},"\u003Cclass.IP> (inc\\class.IP.php:0)",{"nodes":190,"edges":303},[191,197,203,207,211,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300],{"id":192,"type":193,"label":194,"file":195,"line":196},"n0","source","$_SERVER (x11)","inc\\class.IP.php",31,{"id":198,"type":199,"label":200,"file":195,"line":201,"wp_function":202},"n1","sink","wp_remote_get() [SSRF]",78,"wp_remote_get",{"id":204,"type":193,"label":205,"file":195,"line":206},"n2","$_SERVER",70,{"id":208,"type":209,"label":210,"file":195,"line":206},"n3","transform","→ get_ip_continent()",{"id":212,"type":199,"label":200,"file":195,"line":201,"wp_function":202},"n4",{"id":214,"type":193,"label":205,"file":195,"line":215},"n5",94,{"id":217,"type":209,"label":218,"file":195,"line":215},"n6","→ get_ip_country()",{"id":220,"type":199,"label":200,"file":195,"line":221,"wp_function":202},"n7",102,{"id":223,"type":193,"label":205,"file":195,"line":224},"n8",118,{"id":226,"type":209,"label":227,"file":195,"line":224},"n9","→ get_ip_countrycode()",{"id":229,"type":199,"label":200,"file":195,"line":230,"wp_function":202},"n10",126,{"id":232,"type":193,"label":205,"file":195,"line":233},"n11",142,{"id":235,"type":209,"label":236,"file":195,"line":233},"n12","→ get_ip_region()",{"id":238,"type":199,"label":200,"file":195,"line":239,"wp_function":202},"n13",150,{"id":241,"type":193,"label":205,"file":195,"line":242},"n14",166,{"id":244,"type":209,"label":245,"file":195,"line":242},"n15","→ get_ip_regionName()",{"id":247,"type":199,"label":200,"file":195,"line":248,"wp_function":202},"n16",174,{"id":250,"type":193,"label":205,"file":195,"line":251},"n17",190,{"id":253,"type":209,"label":254,"file":195,"line":251},"n18","→ get_ip_city()",{"id":256,"type":199,"label":200,"file":195,"line":257,"wp_function":202},"n19",198,{"id":259,"type":193,"label":205,"file":195,"line":260},"n20",214,{"id":262,"type":209,"label":263,"file":195,"line":260},"n21","→ get_ip_lat()",{"id":265,"type":199,"label":200,"file":195,"line":266,"wp_function":202},"n22",222,{"id":268,"type":193,"label":205,"file":195,"line":269},"n23",238,{"id":271,"type":209,"label":272,"file":195,"line":269},"n24","→ get_ip_lon()",{"id":274,"type":199,"label":200,"file":195,"line":275,"wp_function":202},"n25",246,{"id":277,"type":193,"label":205,"file":195,"line":278},"n26",262,{"id":280,"type":209,"label":281,"file":195,"line":278},"n27","→ get_ip_timezone()",{"id":283,"type":199,"label":200,"file":195,"line":284,"wp_function":202},"n28",270,{"id":286,"type":193,"label":205,"file":195,"line":287},"n29",286,{"id":289,"type":209,"label":290,"file":195,"line":287},"n30","→ get_ip_currency()",{"id":292,"type":199,"label":200,"file":195,"line":293,"wp_function":202},"n31",294,{"id":295,"type":193,"label":205,"file":195,"line":296},"n32",310,{"id":298,"type":209,"label":299,"file":195,"line":296},"n33","→ get_ip_isp()",{"id":301,"type":199,"label":200,"file":195,"line":302,"wp_function":202},"n34",318,[304,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327],{"from":192,"to":198,"sanitized":305},false,{"from":204,"to":208,"sanitized":305},{"from":208,"to":212,"sanitized":305},{"from":214,"to":217,"sanitized":305},{"from":217,"to":220,"sanitized":305},{"from":223,"to":226,"sanitized":305},{"from":226,"to":229,"sanitized":305},{"from":232,"to":235,"sanitized":305},{"from":235,"to":238,"sanitized":305},{"from":241,"to":244,"sanitized":305},{"from":244,"to":247,"sanitized":305},{"from":250,"to":253,"sanitized":305},{"from":253,"to":256,"sanitized":305},{"from":259,"to":262,"sanitized":305},{"from":262,"to":265,"sanitized":305},{"from":268,"to":271,"sanitized":305},{"from":271,"to":274,"sanitized":305},{"from":277,"to":280,"sanitized":305},{"from":280,"to":283,"sanitized":305},{"from":286,"to":289,"sanitized":305},{"from":289,"to":292,"sanitized":305},{"from":295,"to":298,"sanitized":305},{"from":298,"to":301,"sanitized":305},22,{"summary":330,"deductions":331},"The 'user-location-and-ip' plugin v2.0 exhibits a generally good security posture due to its adherence to several WordPress security best practices. Notably, all SQL queries are prepared, and all identified output operations are properly escaped, significantly mitigating risks of SQL injection and cross-site scripting (XSS) vulnerabilities stemming from direct output. The absence of unprotected AJAX handlers, REST API routes, and cron events also limits the plugin's attack surface. However, there are several areas that warrant attention. The presence of one flow with unsanitized paths in taint analysis, even without critical or high severity, suggests a potential for vulnerabilities if not addressed. Furthermore, the lack of nonce checks on any entry points is a significant concern, as nonces are crucial for preventing Cross-Site Request Forgery (CSRF) attacks, especially on shortcodes that might perform actions. The plugin's vulnerability history shows one medium-severity CVE related to XSS, which, although patched, indicates a past weakness in input sanitization or output encoding that the current version should have fully addressed. While the current static analysis shows good practices, the past vulnerability and the taint flow merit careful review to ensure no residual risks remain.",[332,334,337],{"reason":333,"points":182},"Flow with unsanitized paths identified in taint analysis",{"reason":335,"points":336},"No nonce checks on any entry points (shortcode)",10,{"reason":338,"points":182},"Past medium severity XSS vulnerability (even if patched)","2026-03-16T19:48:00.855Z",{"wat":341,"direct":349},{"assetPaths":342,"generatorPatterns":346,"scriptPaths":347,"versionParams":348},[343,344,345],"\u002Fwp-content\u002Fplugins\u002Fuser-location-and-ip\u002Fflags\u002F","\u002Fwp-content\u002Fplugins\u002Fuser-location-and-ip\u002Fadmin\u002F","\u002Fwp-content\u002Fplugins\u002Fuser-location-and-ip\u002Finc\u002F",[],[],[],{"cssClasses":350,"htmlComments":351,"htmlAttributes":352,"restEndpoints":356,"jsGlobals":357,"shortcodeOutput":358},[],[],[353,354,355],"style=\"height:","width:","vertical-align:",[],[],[359],"\u003Cimg src=\""]