Platform
wordpress
Component
block-country
Fixed in
1.0.1
CVE-2025-48077 describes a Cross-Site Request Forgery (CSRF) vulnerability leading to Stored XSS within the Block Country WordPress plugin. This allows an attacker to inject malicious scripts into the plugin, potentially impacting user accounts and site functionality. The vulnerability affects versions from 0.0.0 up to and including 1.0, and a patch is available in version 1.0.1.
Successful exploitation of CVE-2025-48077 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser. This can lead to various malicious actions, including session hijacking, account takeover, and defacement of the website. The attacker could steal sensitive information like cookies or authentication tokens, gaining unauthorized access to user accounts. The blast radius extends to any user interacting with the affected Block Country plugin, making it a significant security risk for WordPress sites utilizing this functionality.
CVE-2025-48077 was publicly disclosed on 2025-11-06. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability's severity is rated HIGH (CVSS 7.1), indicating a reasonable probability of exploitation if left unpatched. It is not currently listed in the CISA KEV catalog.
Websites utilizing the Block Country plugin, particularly those with user accounts or forms that accept user input, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromised plugin on one site could potentially impact others.
• wordpress / composer / npm:
grep -r 'nithinmaurya12 Block Country' /var/www/html/
wp plugin list | grep 'Block Country'
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/block-country/ | grep -i 'x-frame-options'
Note: the header check only shows whether the plugin path responds; the installed version must be confirmed with `wp plugin list` or the `Version:` line in the plugin's main PHP file header, and compared against 1.0.1.
Disclosure
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-48077 is to immediately upgrade the Block Country WordPress plugin to version 1.0.1 or later. If upgrading is not immediately feasible, consider implementing strict Content Security Policy (CSP) headers to restrict script execution from untrusted sources. Additionally, implement CSRF protection mechanisms on all plugin forms to prevent unauthorized requests. Regularly review user input and sanitize data to prevent malicious code injection.
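The following is an added illustration of the bug class behind a CSRF-to-stored-XSS in a WordPress settings handler, shown beside the hardened form using the plugin-side controls the paragraph above recommends (nonce verification, capability check, input sanitisation, output escaping). It is not the Block Country plugin's code and makes no claim about the plugin's actual implementation; the option name `bc_example_message`, the nonce action `bc_example_save`, the nonce field `bc_example_nonce` and the form field `bc_message` are hypothetical. It assumes it is loaded as a plugin inside a WordPress install, since it relies on core functions such as `wp_nonce_field()`, `check_admin_referer()`, `current_user_can()`, `sanitize_text_field()` and `esc_html()`.

```php
<?php
/*
Plugin Name: CSRF-to-XSS hardening example (added illustration, not the Block Country plugin)
*/

// --- Vulnerable pattern (illustrative only) ------------------------------
// No nonce and no capability check: any request that carries the POST field
// is honoured, so a logged-in administrator who loads an attacker-controlled
// page can have a value stored on their behalf. The stored value is later
// echoed without escaping, which turns the CSRF into stored XSS.
function bc_example_save_vulnerable() {
    if ( isset( $_POST['bc_message'] ) ) {
        update_option( 'bc_example_message', $_POST['bc_message'] ); // raw input stored
    }
}
function bc_example_render_vulnerable() {
    echo '<p>' . get_option( 'bc_example_message', '' ) . '</p>';   // unescaped output
}

// --- Hardened pattern -----------------------------------------------------
function bc_example_render_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'bc_example_save', 'bc_example_nonce' ); // hypothetical action/field names ?>
        <input type="text" name="bc_message"
               value="<?php echo esc_attr( get_option( 'bc_example_message', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function bc_example_save_hardened() {
    if ( ! isset( $_POST['bc_message'] ) ) {
        return;
    }
    // 1. Authorisation: only users allowed to change site options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // 2. CSRF defence: the request must carry a nonce bound to this action
    //    and the current user; check_admin_referer() terminates on failure.
    check_admin_referer( 'bc_example_save', 'bc_example_nonce' );

    // 3. Sanitise before storage: strips tags and normalises whitespace.
    $message = sanitize_text_field( wp_unslash( $_POST['bc_message'] ) );
    update_option( 'bc_example_message', $message );
}

function bc_example_render_hardened() {
    // 4. Escape at the point of output, independent of what is stored,
    //    so a value that slipped past sanitisation still cannot run as script.
    echo '<p>' . esc_html( get_option( 'bc_example_message', '' ) ) . '</p>';
}

add_action( 'admin_init', 'bc_example_save_hardened' );
```

The hardened version is layered on purpose: the nonce blocks the cross-site request, the capability check stops low-privilege users from reaching the handler at all, and sanitisation plus output escaping mean that even a request that passes the first two checks cannot store or render executable script. A site-wide Content Security Policy, as mentioned above, is a useful backstop but does not replace these plugin-side controls.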
Update the Block Country plugin to the latest available version to fix the CSRF vulnerability that enables execution of stored XSS code. Further information and update instructions are available in the plugin repository on wordpress.org.
CVE-2025-48077 is a CSRF-based Stored XSS vulnerability in the Block Country WordPress plugin, allowing attackers to inject malicious scripts.
You are affected if you are using Block Country versions 0.0.0 through 1.0. Upgrade to 1.0.1 to mitigate the risk.
Upgrade the Block Country plugin to version 1.0.1 or later. Consider implementing CSRF protection measures if immediate upgrade is not possible.
As of 2025-11-06, there are no confirmed reports of active exploitation, but the vulnerability is publicly known.
Check the Block Country plugin's official website or WordPress plugin repository for the latest advisory and update information.