Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for GEO my WP by Unknown

    CVE-2024-9422 (GCVE-0-2024-9422)

    Vulnerability from nvd – Published: 2024-11-22 06:00 – Updated: 2024-11-22 17:52
    VLAI
    Title
    GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
    Summary
    The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/81320923-767c-43… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown GEO my WP Affected: 4.0 , < 4.5 (semver)
    Create a notification for this product.
    Unknown gmw-premium-settings Affected: 0 , < 3.1 (semver)
    Create a notification for this product.
    geomywp geo_my_wordpress Affected: 4.0 , < 4.5 (custom)
        cpe:2.3:a:geomywp:geo_my_wordpress:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Michael Dyrna WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:geomywp:geo_my_wordpress:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "geo_my_wordpress",
                "vendor": "geomywp",
                "versions": [
                  {
                    "lessThan": "4.5",
                    "status": "affected",
                    "version": "4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9422",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T17:46:13.344508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T17:52:16.250Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GEO my WP",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.5",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "gmw-premium-settings",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Dyrna"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T06:00:04.194Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/81320923-767c-43f0-a8eb-b398c306c16f/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GEO My WordPress \u003c 4.5 - Admin+ Arbitrary File Upload",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-9422",
        "datePublished": "2024-11-22T06:00:04.194Z",
        "dateReserved": "2024-10-01T20:26:08.308Z",
        "dateUpdated": "2024-11-22T17:52:16.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6330 (GCVE-0-2024-6330)

    Vulnerability from nvd – Published: 2024-08-19 06:00 – Updated: 2024-08-19 15:29
    VLAI
    Title
    GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI
    Summary
    The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/95b532e0-1ffb-42… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown GEO my WP Affected: 0 , < 4.5.0.2 (semver)
    Create a notification for this product.
    geo_my_wp geo_my_wp Affected: 0 , < 4.5.0.2 (semver)
        cpe:2.3:a:geo_my_wp:geo_my_wp:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Michael Dyrna WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:geo_my_wp:geo_my_wp:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "geo_my_wp",
                "vendor": "geo_my_wp",
                "versions": [
                  {
                    "lessThan": "4.5.0.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T15:27:17.475889Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T15:29:05.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GEO my WP",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.5.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Dyrna"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP\u0027s execution context, which leads to Remote Code Execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-19T06:00:02.982Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GEO my WordPress \u003c 4.4.0.2 - Unauthenticated RCE via LFI",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-6330",
        "datePublished": "2024-08-19T06:00:02.982Z",
        "dateReserved": "2024-06-25T16:37:48.797Z",
        "dateUpdated": "2024-08-19T15:29:05.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9422 (GCVE-0-2024-9422)

    Vulnerability from cvelistv5 – Published: 2024-11-22 06:00 – Updated: 2024-11-22 17:52
    VLAI
    Title
    GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
    Summary
    The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/81320923-767c-43… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown GEO my WP Affected: 4.0 , < 4.5 (semver)
    Create a notification for this product.
    Unknown gmw-premium-settings Affected: 0 , < 3.1 (semver)
    Create a notification for this product.
    geomywp geo_my_wordpress Affected: 4.0 , < 4.5 (custom)
        cpe:2.3:a:geomywp:geo_my_wordpress:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Michael Dyrna WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:geomywp:geo_my_wordpress:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "geo_my_wordpress",
                "vendor": "geomywp",
                "versions": [
                  {
                    "lessThan": "4.5",
                    "status": "affected",
                    "version": "4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9422",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T17:46:13.344508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T17:52:16.250Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GEO my WP",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.5",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "gmw-premium-settings",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Dyrna"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T06:00:04.194Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/81320923-767c-43f0-a8eb-b398c306c16f/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GEO My WordPress \u003c 4.5 - Admin+ Arbitrary File Upload",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-9422",
        "datePublished": "2024-11-22T06:00:04.194Z",
        "dateReserved": "2024-10-01T20:26:08.308Z",
        "dateUpdated": "2024-11-22T17:52:16.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6330 (GCVE-0-2024-6330)

    Vulnerability from cvelistv5 – Published: 2024-08-19 06:00 – Updated: 2024-08-19 15:29
    VLAI
    Title
    GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI
    Summary
    The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/95b532e0-1ffb-42… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown GEO my WP Affected: 0 , < 4.5.0.2 (semver)
    Create a notification for this product.
    geo_my_wp geo_my_wp Affected: 0 , < 4.5.0.2 (semver)
        cpe:2.3:a:geo_my_wp:geo_my_wp:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Michael Dyrna WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:geo_my_wp:geo_my_wp:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "geo_my_wp",
                "vendor": "geo_my_wp",
                "versions": [
                  {
                    "lessThan": "4.5.0.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T15:27:17.475889Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T15:29:05.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GEO my WP",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "4.5.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Dyrna"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP\u0027s execution context, which leads to Remote Code Execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-19T06:00:02.982Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GEO my WordPress \u003c 4.4.0.2 - Unauthenticated RCE via LFI",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-6330",
        "datePublished": "2024-08-19T06:00:02.982Z",
        "dateReserved": "2024-06-25T16:37:48.797Z",
        "dateUpdated": "2024-08-19T15:29:05.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }