The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
Metrics
Affected Vendors & Products
References
History
Mon, 19 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Geo My Wp
Geo My Wp geo My Wp |
|
CPEs | cpe:2.3:a:geo_my_wp:geo_my_wp:*:*:*:*:*:*:*:* | |
Vendors & Products |
Geo My Wp
Geo My Wp geo My Wp |
|
Metrics |
cvssV3_1
|
Mon, 19 Aug 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution. | |
Title | GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-08-19T06:00:02.982Z
Updated: 2024-08-19T15:29:05.964Z
Reserved: 2024-06-25T16:37:48.797Z
Link: CVE-2024-6330
Vulnrichment
Updated: 2024-08-19T15:29:00.538Z
NVD
Status : Awaiting Analysis
Published: 2024-08-19T06:15:05.690
Modified: 2024-08-19T16:35:30.907
Link: CVE-2024-6330
Redhat
No data.