Geomywp Geo My Wordpress vulnerabilities
4 known vulnerabilities affecting geomywp/geo_my_wordpress.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2024-6330 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | fixed in 4.5.0.2 | 2024-08-19
The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
nvd
CVE-2023-52134 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≤ 4.0.2 | 2023-12-31
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress: from n/a through 4.0.2.
nvd
CVE-2024-9422 | P3 | MEDIUM | CVSS 6.6 | CWE-434 | fixed in 4.5 | 2024-11-22
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
nvd
CVE-2023-5467 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 4.0 | 2023-10-10
The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web script
nvd