There is a security issue in ConsentFriend 1.7.0+ that affects users who have enabled consentfriend.use_geoip.
Due to an unauthorized update server being used, this may lead to a compromise of the MaxMind GeoIP2/GeoLite2 license key, and potential modification of the GeoIP2/GeoLite2 database.
If you’re affected, we recommend revoking your GeoIP2/GeoLite2 license key in your MaxMind account and to create a new one as a precaution.
The issue is resolved in ConsentFriend 1.7.2, released today.