6.6
CVE-2024-9422
- EPSS 0.73%
- Veröffentlicht 22.11.2024 06:15:20
- Zuletzt bearbeitet 09.06.2025 16:50:24
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
GEO My WordPress <= 4.4.0.2 - Authenticated (Admin+) Arbitrary File Upload
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
Mögliche Gegenmaßnahme
GEO my WP: Update to version 4.5, or a newer patched version
Gmw Premium Settings: Update to version 3.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Geomywp ≫ Geo My Wordpress SwPlatformwordpress Version < 4.5
Geomywp ≫ Geo My Wordpress Premium Settings SwPlatformwordpress Version < 3.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
GEO my WP
Version
4.0-4.4.0.2
SystemWordPress Plugin
≫
Produkt
Gmw Premium Settings
Version
[*, 3.1)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.495 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.6 | 0.7 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
https://wpscan.com/vulnerability/81320923-767c-43f0-a8eb-b398c306c16f/
https://www.wordfence.com/threat-intel/vulnerabilities/id/e8214cdd-3a7d-40ce-9645-7dbd6e8f037f