CVE-2024-9422
- EPSS 0.41%
- Veröffentlicht 22.11.2024 06:15:20
- Zuletzt bearbeitet 09.06.2025 16:50:24
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
CVE-2024-6330
- EPSS 43.53%
- Veröffentlicht 19.08.2024 06:15:05
- Zuletzt bearbeitet 27.05.2025 21:06:37
The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
CVE-2023-52134
- EPSS 0.14%
- Veröffentlicht 31.12.2023 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:39:15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through 4.0.2.
CVE-2023-5467
- EPSS 0.16%
- Veröffentlicht 10.10.2023 05:15:09
- Zuletzt bearbeitet 21.11.2024 08:41:49
The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...