PatchSiren cyber security CVE debrief
CVE-2022-50961 WordPress CVE debrief
CVE-2022-50961 affects the WordPress IP2Location Country Blocker plugin 2.26.7 and is described as a stored cross-site scripting issue in the Frontend Settings interface. An authenticated user can place malicious JavaScript in the Display page settings URL field, and the script may execute when an administrator or other authenticated user opens the plugin settings page. The supplied NVD record classifies the issue as medium severity and maps it to CWE-79.
- Vendor: WordPress
- Product: Unknown
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-10
- Original CVE updated: 2026-05-10
- Advisory published: 2026-05-10
- Advisory updated: 2026-05-10
Who should care
WordPress administrators, site owners, and security teams responsible for environments that use the IP2Location Country Blocker plugin should review this issue. It is most relevant where lower-privileged authenticated users can access plugin configuration screens or where multiple trusted users manage the site.
Technical summary
The supplied source record describes a stored XSS vulnerability in IP2Location Country Blocker 2.26.7. NVD lists the vector as AV:N/AC:L/PR:L/UI:P, indicating network-reachable abuse that requires low privileges and user interaction. The weakness is tagged CWE-79. The payload is stored via the Frontend Settings interface, specifically the URL field in Display page settings, and later executes in the context of users who view that settings page.
Defensive priority
Medium. Prioritize remediation if the plugin is installed and any non-admin or broadly trusted authenticated users can reach its settings interfaces, because stored XSS can expose administrator sessions and site configuration workflows.
Recommended defensive actions
- Update or replace IP2Location Country Blocker if a fixed version is available from the vendor/plugin maintainer.
- Restrict access to the plugin's settings pages so only trusted administrators can modify Frontend Settings.
- Audit the Display page settings URL field and remove any unexpected script content or malformed entries.
- Review logs and recent administrative activity for unauthorized changes to plugin configuration.
- Treat any administrator browser session that viewed the affected settings page as potentially exposed until the configuration is verified and cleaned.
- Apply broader WordPress hardening controls that reduce the impact of stored XSS, such as limiting admin privileges and using strong session protections.
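One way to carry out the audit of the Display page settings URL field is sketched below. This is an added example, not code from the plugin or from the advisory sources. It assumes the stored values have already been exported as name/value pairs and that the field should hold an absolute http(s) URL; the setting names and sample values are constructed placeholders.

```python
"""Audit stored values of a URL settings field for content that is not a plain URL."""
import re
from urllib.parse import urlsplit

# Characters that do not belong in a stored URL and that can break out of an
# HTML attribute or element if the value is echoed without escaping.
MARKUP_CHARS = re.compile(r"[<>\"'`\\\x00-\x20\x7f]")
ALLOWED_SCHEMES = {"http", "https"}  # assumption: absolute http(s) URLs only


def audit_url_value(value):
    """Return a list of findings; an empty list means the value looks like a plain URL."""
    findings = []
    stripped = value.strip()
    if not stripped:
        return findings  # empty field: nothing stored
    if stripped != value:
        findings.append("leading/trailing whitespace")
    if MARKUP_CHARS.search(stripped):
        findings.append("markup or control character")
    try:
        parts = urlsplit(stripped)
    except ValueError:
        findings.append("unparseable URL")
        return findings
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        findings.append(f"scheme {parts.scheme!r} not http/https")
    elif not parts.hostname:
        findings.append("no host")
    return findings


def audit_settings(rows):
    """Map each setting name to its findings, keeping only flagged entries."""
    return {name: f for name, value in rows.items() if (f := audit_url_value(value))}


# Constructed sample export; the setting names are hypothetical placeholders.
SAMPLE = {
    "frontend_display_url_a": "https://example.com/blocked",
    "frontend_display_url_b": 'https://example.com/"><script>/*constructed*/</script>',
    "frontend_display_url_c": "javascript:void(0)",
    "frontend_display_url_d": "",
}

if __name__ == "__main__":
    for name, findings in audit_settings(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```

A flagged entry is a prompt to inspect and clean that setting by hand; a clean result does not replace updating the plugin or restricting access to its settings pages.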
Evidence notes
This debrief is based only on the supplied CVE/NVD record and the referenced source corpus. The NVD record identifies the issue as CVE-2022-50961 with CWE-79 and the provided description states the stored XSS location and affected plugin version. The source corpus also includes a VulnCheck advisory reference, the plugin page, and a secondary Exploit-DB reference; no exploit details are included here.
Official resources
According to the supplied record, the CVE and NVD entries were published/updated on 2026-05-10. The source corpus references a VulnCheck advisory, the plugin page, and a secondary Exploit-DB reference; this debrief does not add details that