Block Country CVE-2025-48077
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
5DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through <= 1.0.
AnalysisAI
Cross-site request forgery (CSRF) in Block Country WordPress plugin versions up to 1.0 enables attackers to trick authenticated administrators into executing malicious requests that inject stored XSS payloads. This chained vulnerability allows unauthenticated remote attackers to achieve persistent code execution in victim browsers by combining CSRF with stored cross-site scripting, requiring only that an admin interact with a crafted link or page. EPSS probability is minimal (0.02%, 4th percentile) with no active exploitation identified, but the attack chain is straightforward given user interaction occurs.
Technical ContextAI
This vulnerability exploits missing CSRF token validation in the Block Country WordPress plugin's administrative functions, classified as CWE-352 (Cross-Site Request Forgery). The plugin appears to handle country-based access control features, likely maintaining settings or block lists through administrative interfaces. The absence of nonce verification allows attackers to forge requests that modify plugin settings or data on behalf of authenticated administrators. When combined with inadequate input sanitization (enabling the stored XSS component), the CSRF vector becomes a delivery mechanism for persistent malicious JavaScript. The WordPress plugin ecosystem commonly suffers from CSRF vulnerabilities when developers fail to implement wp_nonce_field() and check_admin_referer() functions in form processing. The changed scope (S:C) in the CVSS vector indicates the stored XSS can affect resources beyond the vulnerable plugin's security context, potentially compromising the entire WordPress admin interface.
Affected ProductsAI
The vulnerability affects Block Country WordPress plugin developed by nitinmaurya12, impacting all versions from initial release through version 1.0 and earlier. The plugin is distributed through the WordPress plugin repository and provides country-based access blocking functionality for WordPress sites. No CPE identifier was provided in the available data, but the plugin can be identified by its slug 'block-country' in WordPress installations. Vendor advisory and technical details are available through Patchstack's vulnerability database at the referenced URL.
RemediationAI
Upgrade Block Country plugin to version 1.0.1 or later if available, or remove the plugin entirely if country blocking functionality is not required for operations. As of this analysis, the Patchstack database reference does not confirm a specific patched version number - site administrators should check the WordPress plugin repository for updates released after version 1.0. If immediate upgrade or removal is not feasible, implement compensating controls: restrict WordPress admin panel access to trusted IP addresses or VPN-only connections to limit CSRF attack surface, enable two-factor authentication for all administrator accounts to add defense depth against session hijacking, and review plugin settings for any unauthorized modifications that may indicate prior exploitation. Consider replacing Block Country with actively maintained country-blocking solutions that have established security track records. Note that disabling the plugin without removing it may not fully mitigate risk if vulnerable code remains accessible. These workarounds reduce but do not eliminate risk, as determined attackers with admin interaction could still potentially exploit the CSRF vector. Consult Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/block-country/ for the latest remediation guidance and confirmed fix version.
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today