CVE-2024-52433
published 2024-11-18


Priority: P264
CVSS 3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available (see Detection & IOCs)
EPSS: 3.07% (86.0th percentile)
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection. This issue affects My Geo Posts Free: from n/a through <= 1.2.

The IOC data below shows where the untrusted data enters: the plugin reads the mgpf_geo_coockie cookie, base64-decodes it and passes the result to unserialize, so an unauthenticated visitor can instantiate an arbitrary PHP class on the site root request.

Affected (2 ranges)

Vendor                  Product             Version range   Fixed in
mindstien               my_geo_posts_free   <= 1.2          (not listed)
mindstien_technologies  my_geo_posts_free   <= 1.2          (not listed)

Detection & IOCs (extracted from sources)

Cookie: mgpf_geo_coockie
Other:  O":20:"<rand_alpha_5>":0:{} (base64-encoded, delivered via the mgpf_geo_coockie cookie; quoted as printed in the source, note that canonical PHP object serialization is O:<len>:"<class>":<n>:{...})
  • Detect exploitation attempts by inspecting HTTP requests for a mgpf_geo_coockie cookie whose value base64-decodes to a PHP serialized object (e.g. the base64 of O":N:"...":0:{} quoted above).
  • A successful attempt produces a PHP Warning referencing mgpf_get_geo_location() in the response body together with the echoed base64 payload value; a server-side rule should match all three (the warning, the function name and the payload) in the response body.
  • The attack is unauthenticated and targets the WordPress site root (GET /): monitor for anomalous GET requests to / that carry the mgpf_geo_coockie cookie.
  • No known POP chain exists within the vulnerable plugin itself; turning the object injection into RCE or file deletion requires another plugin or theme on the target to supply a usable gadget chain.
  • The sources cover My Geo Posts Free versions up to and including 1.2 only and state that later versions are not affected; no fixed version is listed on this page, so check the installed version against the vendor's release history rather than relying on the range alone.
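The two detection ideas above (request-side: cookie carries a base64 PHP object; response-side: warning, function name and echoed payload all present) implemented as a small Python check, with constructed sample cookies run through it. This is an added example, not code from the advisory sources or the plugin; the class name, client IPs, the benign "serialized array" cookie shape and the warning text are assumptions, and the cookie name is the misspelled one the sources quote.

```python
import base64
import binascii
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Cookie name exactly as quoted in the advisory sources (the misspelling is the plugin's).
COOKIE_NAME = "mgpf_geo_coockie"

# PHP serialized object: O:<len>:"<class>":<count>:{...}; C: is PHP's custom-serialized object.
# The payload quoted in the sources carries a stray '"' after the O (O":20:"..."), so the
# matcher accepts both the canonical form and that variant rather than miss a copy-pasted PoC.
PHP_OBJECT_RE = re.compile(rb'^\s*[OC]"?:\d+:"')


def extract_cookie(cookie_header: str, name: str = COOKIE_NAME) -> Optional[str]:
    """Return the raw (still percent-encoded) value of `name` from a Cookie header, or None."""
    for part in cookie_header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key.strip() == name:
            return value.strip()
    return None


def decode_payload(raw: str) -> Optional[bytes]:
    """Percent-decode, then base64-decode (standard or URL-safe alphabet, padding optional)."""
    text = unquote(raw).strip().strip('"')
    text = text.replace("-", "+").replace("_", "/")
    text += "=" * (-len(text) % 4)
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None


def request_is_suspicious(cookie_header: str) -> bool:
    """True if mgpf_geo_coockie is present and its base64 payload is a PHP serialized object."""
    raw = extract_cookie(cookie_header)
    if raw is None:
        return False
    decoded = decode_payload(raw)
    return decoded is not None and PHP_OBJECT_RE.match(decoded) is not None


def response_confirms_attempt(cookie_header: str, response_body: str) -> bool:
    """Server-side confirmation: PHP Warning naming mgpf_get_geo_location() plus the echoed payload."""
    raw = extract_cookie(cookie_header)
    if raw is None:
        return False
    payload = unquote(raw).strip()
    return ("PHP Warning" in response_body
            and "mgpf_get_geo_location()" in response_body
            and payload in response_body)


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


# Constructed samples (not captured traffic). "Qwzrt" stands in for the random class name.
OBJECT_PAYLOAD = b'O:5:"Qwzrt":0:{}'
MALICIOUS_COOKIE = COOKIE_NAME + "=" + b64(OBJECT_PAYLOAD)
# Same idea with the stray quote exactly as the sources print it, alongside another cookie.
QUOTED_VARIANT_COOKIE = "PHPSESSID=abc123; " + COOKIE_NAME + "=" + b64(b'O":20:"Qwzrt":0:{}')
# Base64 padding percent-encoded, as a browser or tool may send it.
URLENC_COOKIE = COOKIE_NAME + "=" + b64(OBJECT_PAYLOAD).replace("=", "%3D")
# Assumed benign shape: a serialized array of scalars, which is what a geo cookie would plausibly hold.
BENIGN_COOKIE = COOKIE_NAME + "=" + b64(b'a:1:{s:7:"country";s:2:"US";}')
NO_MGPF_COOKIE = "wordpress_test_cookie=WP+Cookie+check"
NOT_BASE64_COOKIE = COOKIE_NAME + "=US%2CCA"

SAMPLE_REQUESTS: List[Tuple[str, str]] = [
    ("198.51.100.7", MALICIOUS_COOKIE),
    ("198.51.100.8", QUOTED_VARIANT_COOKIE),
    ("198.51.100.9", URLENC_COOKIE),
    ("203.0.113.2", BENIGN_COOKIE),
    ("203.0.113.3", NO_MGPF_COOKIE),
    ("203.0.113.4", NOT_BASE64_COOKIE),
]


def flagged_clients(requests: List[Tuple[str, str]] = SAMPLE_REQUESTS) -> List[str]:
    """Clients whose GET / carried a PHP-object payload in mgpf_geo_coockie."""
    return [client for client, cookie in requests if request_is_suspicious(cookie)]


# Constructed response body modelled on the warning the sources describe (wording assumed).
SAMPLE_RESPONSE = ("<br />\n<b>PHP Warning</b>: unserialize(): bad input in mgpf_get_geo_location() "
                   "value=" + b64(OBJECT_PAYLOAD))

if __name__ == "__main__":
    print("flagged:", flagged_clients())
    print("response confirms:", response_confirms_attempt(MALICIOUS_COOKIE, SAMPLE_RESPONSE))
```

The request-side check alone will fire on any serialized object in the cookie, whether or not a gadget chain exists on the target, which is the right bias for a detection rule; the response-side check is what separates a probe from a request the vulnerable code path actually processed.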