Ninjew Geo My Wp vulnerabilities
2 known vulnerabilities affecting ninjew/geo_my_wp.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-9757P3HIGHCVSS 7.5≤ 4.5.52026-05-30
CVE-2026-9757 [HIGH] CWE-89 CVE-2026-9757: The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng'
The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing WordPress's wp_magic_quotes protection, which only covers $_POST/$_GET/$_COOKIE/$_REQUEST), then each is split on ',' via
nvd
CVE-2023-5467P4MEDIUMCVSS 5.4≤ 4.02023-10-10
CVE-2023-5467 [MEDIUM] CWE-79 CVE-2023-5467: The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode
The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web script
nvd