CVE-2025-32644: Cross-Site Request Forgery (CSRF) in IP2Location IP2Location World Clock
Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location World Clock ip2location-world-clock allows Stored XSS. This issue affects IP2Location World Clock: from n/a through <= 1.1.9.
AI Analysis
Technical Summary
CVE-2025-32644 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the IP2Location World Clock plugin, affecting versions up to and including 1.1.9. The vulnerability allows attackers to trick authenticated users into submitting unauthorized requests to the application, which can result in stored Cross-Site Scripting (XSS). Stored XSS occurs when a malicious script injected by an attacker is persisted on the target server and later executed in the browsers of other users, enabling session hijacking, data theft, or further exploitation. The CSRF aspect means an attacker can craft a malicious web page or link that causes a victim to perform actions with the victim's own privileges without realizing it, such as storing malicious content. The plugin is commonly used to display world clocks based on IP geolocation data, and the vulnerability arises from insufficient validation of requests and inadequate input sanitization. No CVSS score has been assigned yet, and no patches or official fixes are currently available. Exploitation requires no user interaction beyond visiting a malicious page, but it does require the victim to be authenticated, since the attack leverages the victim's session. The combination of CSRF and stored XSS significantly increases the risk profile, as it can lead to persistent compromise of user data and application integrity.
Potential Impact
The impact of CVE-2025-32644 is significant for organizations using the IP2Location World Clock plugin. Successful exploitation can lead to unauthorized actions performed in the context of authenticated users, potentially allowing attackers to inject persistent malicious scripts. This can compromise user confidentiality by stealing session cookies or sensitive data, impact integrity by modifying displayed content or stored data, and affect availability if malicious scripts disrupt normal operations. The stored XSS component can facilitate further attacks such as phishing, malware distribution, or privilege escalation within the affected environment. Organizations relying on this plugin for geolocation services or time display may face reputational damage, data breaches, and regulatory consequences if exploited. The lack of an official patch increases the window of exposure, making proactive mitigation essential. The threat is amplified in environments with multiple users and high privilege levels, such as enterprise portals or public-facing websites.
Mitigation Recommendations
To mitigate CVE-2025-32644, organizations should immediately assess their use of the IP2Location World Clock plugin and consider disabling or removing it if it is not essential. Robust CSRF protection is critical: anti-CSRF tokens should be enforced on all state-changing requests, and the Origin and Referer headers should be validated. Input validation and output encoding should be strengthened to prevent stored XSS, ensuring that all user-supplied data is properly sanitized before storage and encoded before rendering. Monitoring web server and application logs for unusual or unauthorized requests can help detect exploitation attempts. Network-level protections such as Web Application Firewalls (WAFs) can be configured to block suspicious CSRF and XSS payloads. Organizations should watch for official patches or updates from IP2Location and apply them promptly once released. Additionally, educating users about the risks of clicking unknown links and maintaining up-to-date browser security settings can reduce the likelihood of successful exploitation.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, Netherlands, France, India, Japan, South Korea
AI-Powered Analysis
Machine-generated threat intelligence
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-04-09T11:20:57.810Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69cd73e8e6bfc5ba1def4042
Added to database: 4/1/2026, 7:37:12 PM
Last enriched: 4/2/2026, 3:42:38 AM
Last updated: 4/6/2026, 9:30:22 AM