Search criteria
4 vulnerabilities found for GEO my WP by Unknown
CVE-2024-9422 (GCVE-0-2024-9422)
Vulnerability from nvd – Published: 2024-11-22 06:00 – Updated: 2024-11-22 17:52
VLAI?
Title
GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
Summary
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
Severity ?
6.6 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Unknown | GEO my WP |
Affected:
4.0 , < 4.5
(semver)
|
|||||||
|
|||||||||
Credits
Michael Dyrna
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geomywp:geo_my_wordpress:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "geo_my_wordpress",
"vendor": "geomywp",
"versions": [
{
"lessThan": "4.5",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9422",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T17:46:13.344508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T17:52:16.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GEO my WP",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.5",
"status": "affected",
"version": "4.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "gmw-premium-settings",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Dyrna"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T06:00:04.194Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/81320923-767c-43f0-a8eb-b398c306c16f/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GEO My WordPress \u003c 4.5 - Admin+ Arbitrary File Upload",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-9422",
"datePublished": "2024-11-22T06:00:04.194Z",
"dateReserved": "2024-10-01T20:26:08.308Z",
"dateUpdated": "2024-11-22T17:52:16.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6330 (GCVE-0-2024-6330)
Vulnerability from nvd – Published: 2024-08-19 06:00 – Updated: 2024-08-19 15:29
VLAI?
Title
GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI
Summary
The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Michael Dyrna
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geo_my_wp:geo_my_wp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geo_my_wp",
"vendor": "geo_my_wp",
"versions": [
{
"lessThan": "4.5.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T15:27:17.475889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T15:29:05.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GEO my WP",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.5.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Dyrna"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP\u0027s execution context, which leads to Remote Code Execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T06:00:02.982Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GEO my WordPress \u003c 4.4.0.2 - Unauthenticated RCE via LFI",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-6330",
"datePublished": "2024-08-19T06:00:02.982Z",
"dateReserved": "2024-06-25T16:37:48.797Z",
"dateUpdated": "2024-08-19T15:29:05.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9422 (GCVE-0-2024-9422)
Vulnerability from cvelistv5 – Published: 2024-11-22 06:00 – Updated: 2024-11-22 17:52
VLAI?
Title
GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
Summary
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
Severity ?
6.6 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Unknown | GEO my WP |
Affected:
4.0 , < 4.5
(semver)
|
|||||||
|
|||||||||
Credits
Michael Dyrna
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geomywp:geo_my_wordpress:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "geo_my_wordpress",
"vendor": "geomywp",
"versions": [
{
"lessThan": "4.5",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9422",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T17:46:13.344508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T17:52:16.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GEO my WP",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.5",
"status": "affected",
"version": "4.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "gmw-premium-settings",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Dyrna"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T06:00:04.194Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/81320923-767c-43f0-a8eb-b398c306c16f/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GEO My WordPress \u003c 4.5 - Admin+ Arbitrary File Upload",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-9422",
"datePublished": "2024-11-22T06:00:04.194Z",
"dateReserved": "2024-10-01T20:26:08.308Z",
"dateUpdated": "2024-11-22T17:52:16.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6330 (GCVE-0-2024-6330)
Vulnerability from cvelistv5 – Published: 2024-08-19 06:00 – Updated: 2024-08-19 15:29
VLAI?
Title
GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI
Summary
The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Michael Dyrna
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:geo_my_wp:geo_my_wp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "geo_my_wp",
"vendor": "geo_my_wp",
"versions": [
{
"lessThan": "4.5.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T15:27:17.475889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T15:29:05.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GEO my WP",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.5.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Dyrna"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP\u0027s execution context, which leads to Remote Code Execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T06:00:02.982Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GEO my WordPress \u003c 4.4.0.2 - Unauthenticated RCE via LFI",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-6330",
"datePublished": "2024-08-19T06:00:02.982Z",
"dateReserved": "2024-06-25T16:37:48.797Z",
"dateUpdated": "2024-08-19T15:29:05.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}