The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
History

Mon, 19 Aug 2024 16:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Geo My Wp; Geo My Wp geo My Wp |
| CPEs | | cpe:2.3:a:geo_my_wp:geo_my_wp:*:*:*:*:*:*:*:* |
| Vendors & Products | | Geo My Wp; Geo My Wp geo My Wp |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 19 Aug 2024 06:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution. |
| Title | | GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI |
| References | | |

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-08-19T06:00:02.982Z

Updated: 2024-08-19T15:29:05.964Z

Reserved: 2024-06-25T16:37:48.797Z

Link: CVE-2024-6330

Vulnrichment

Updated: 2024-08-19T15:29:00.538Z

NVD

Status: Awaiting Analysis

Published: 2024-08-19T06:15:05.690

Modified: 2024-08-19T16:35:30.907

Link: CVE-2024-6330

Redhat

No data.