Vulnerabilities and security researches forip-based-login ip-based-login

Mar 15, 2025

CVE, Research URL: CVE-2024-13118
Home page URL: Security reports for IP Based Login
Application: IP Based Login
Date: Mar 25, 2025
Research Description: The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack
Affected versions: max 2.4.1.
Status: vulnerable

CVE, Research URL: CVE-2024-12800
Home page URL: Security reports for IP Based Login
Application: IP Based Login
Date: May 16, 2025
Research Description: The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 2.4.1.
Status: vulnerable

Jul 02, 2025

CVE, Research URL: CVE-2025-50016
Home page URL: Security reports for IP Based Login
Application: IP Based Login
Date: Jun 20, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.2.
Affected versions: max 2.4.2.
Status: vulnerable

Apr 26, 2026

CVE, Research URL: CVE-2025-58960
Home page URL: Security reports for IP Based Login
Application: IP Based Login
Date: Sep 23, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS.This issue affects IP Based Login: from n/a through <= 2.4.3.
Affected versions: max 2.4.4.
Status: vulnerable