CVE-2025-57993
WordPress Geolocation IP Detection Plugin <= 5.5.0 - Cross Site Scripting (XSS) VulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Pick Geolocation IP Detection allows Stored XSS. This issue affects Geolocation IP Detection: from n/a through 5.5.0.
We have discovered 167 live websites that are affected by CVE-2025-57993.
Affected Software
| Product |  Geoip Detect |
| Category | Wordpress Plugins |
| Vulnerable Domains | 167 live websites (41% of Geoip Detect install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 11 versions ( 92% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Sep 22, 2025
- Updated - Sep 23, 2025
Credits
- zaim (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-57993 United States | 49 websites |
 Russia | 54 websites |
 Germany | 12 websites |
 GB | 8 websites |
 Australia | 6 websites |
 Austria | 3 websites |
 Canada | 3 websites |
 Cyprus | 3 websites |
 Hong Kong | 3 websites |
 Italy | 3 websites |
Website Distribution by TLD
Number of websites using CVE-2025-57993| .com | 75 websites |
| .com.au | 7 websites |
| .org | 5 websites |
| .ca | 3 websites |
| .co.uk | 3 websites |
| .ru | 2 websites |
| .eu | 2 websites |
| .at | 1 websites |
| .be | 1 websites |
| .se | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-57993
Top websites that are affected by CVE-2025-57993. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ****.com |  Netherlands | ***,*** | |
| **.news | Russia | ***,*** | |
| *****.com | United States | ***,*** | |
| ***************.com |  Greece | ***,*** | |
| *******************.ch | Germany | ***,*** | |
| ****.com | United States | ***,*** | |
| ***.com | United States | ***,*** |
FAQ
CVE-2025-57993 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Geoip Detect
A total of 167 websites have been identified as vulnerable to CVE-2025-57993, based on global website indexing conducted by WebTechSurvey.
The Geoip Detect is affected by the CVE-2025-57993 vulnerability.
Geoip Detect versions up to and including 5.5 are vulnerable to CVE-2025-57993.