CVE-2025-62109
- EPSS 0.05%
- Veröffentlicht 09.12.2025 14:52:20
- Zuletzt bearbeitet 20.01.2026 15:17:51
Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data.This issue affects Geo Controller: from n/a through <= 8.9.4.
CVE-2024-7381
- EPSS 0.76%
- Veröffentlicht 05.09.2024 11:15:13
- Zuletzt bearbeitet 06.09.2024 10:44:38
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for...
CVE-2024-7380
- EPSS 0.14%
- Veröffentlicht 05.09.2024 11:15:12
- Zuletzt bearbeitet 06.09.2024 10:33:07
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9. This make...
CVE-2024-3591
- EPSS 0.41%
- Veröffentlicht 01.05.2024 06:15:21
- Zuletzt bearbeitet 08.05.2025 18:25:09
The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
CVE-2024-30451
- EPSS 0.18%
- Veröffentlicht 29.03.2024 17:15:16
- Zuletzt bearbeitet 21.11.2024 09:11:57
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INFINITUM FORM Geo Controller allows Stored XSS.This issue affects Geo Controller: from n/a through 8.6.4.
- EPSS 0.17%
- Veröffentlicht 28.03.2024 05:15:50
- Zuletzt bearbeitet 21.11.2024 09:11:29
Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4.