CVE-2023-5467

🗓️ 10 Oct 2023 04:29:38Reported by WordfenceType

The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-5467	26 Dec 202317:33	–	circl
CNNVD	WordPress plugin GEO my WordPress Cross Site Scripting Vulnerability	10 Oct 202300:00	–	cnnvd
Cvelist	CVE-2023-5467 GEO my WordPress <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	10 Oct 202304:29	–	cvelist
EUVD	EUVD-2023-57781	3 Oct 202520:07	–	euvd
NVD	CVE-2023-5467	10 Oct 202305:15	–	nvd
OSV	CVE-2023-5467	10 Oct 202305:15	–	osv
Patchstack	WordPress GEO my WordPress Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)	10 Oct 202300:00	–	patchstack
Prion	Cross site scripting	10 Oct 202305:15	–	prion
Positive Technologies	PT-2023-32122 · WordPress · Geo My Wordpress	10 Oct 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-5467	23 May 202504:31	–	redhatcve

NVD

Vulners

Node

geomywp geo_my_wordpressRange≤4.0wordpress

[
  {
    "vendor": "ninjew",
    "product": "GEO my WP",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "4.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.0/plugins/single-location/includes/class-gmw-single-location.php
plugins	www.plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.0.1/plugins/single-location/includes/class-gmw-single-location.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/a96ac71f-3dae-40eb-9268-d56688a5aa64

08 Apr 2026 19:18Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.15.4 - 6.4

EPSS0.00193

SSVC

CWE-79

cve-2023-5467 geo my wordpress wordpress stored cross-site scripting nvd vulnerability input sanitization output escaping authenticated attackers contributor-level permissions