CVE-2024-3591

🗓️ 01 May 2024 06:00:02Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 133 Views🌐 WEB

Geo Controller WordPress plugin unauthenticated PHP Object Injection via AJAX and REST API

Reporter	Title	Published	Views	Family All 9
CNNVD	WordPress plugin Geo Controller 安全漏洞	1 May 202400:00	–	cnnvd
Cvelist	CVE-2024-3591 WordPress Geo Controller < 8.6.5 - PHP Object Injection	1 May 202406:00	–	cvelist
NVD	CVE-2024-3591	1 May 202406:15	–	nvd
OSV	CVE-2024-3591	1 May 202406:15	–	osv
Positive Technologies	PT-2024-26777 · WordPress · Geo Controller	30 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-3591	23 May 202507:46	–	redhatcve
Vulnrichment	CVE-2024-3591 WordPress Geo Controller < 8.6.5 - PHP Object Injection	1 May 202406:00	–	vulnrichment
wpexploit	WordPress Geo Controller < 8.6.5 - PHP Object Injection	10 Apr 202400:00	–	wpexploit
WPVulnDB	WordPress Geo Controller < 8.6.5 - PHP Object Injection	10 Apr 202400:00	–	wpvulndb

NVD

Vulners

Vulnrichment

Node

infinitumform geo_controllerRange<8.6.5wordpress

[
  {
    "vendor": "Unknown",
    "product": "Geo Controller",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "8.6.5"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/f85d8b61-eaeb-433c-b857-06ee4db5c7d5/

Parameter	Position	Path	Description	CWE
action	query param	/wp-admin/admin-ajax.php	PHP Object Injection via unsafe unserialization in Geo Controller WordPress plugin AJAX action	CWE-502
options	query param	/wp-admin/admin-ajax.php	PHP Object Injection via unsafe unserialization in Geo Controller WordPress plugin AJAX action	CWE-502

17 Jun 2026 07:44Current

7.1High risk

Vulners AI Score7.1

CVSS 3.16.5

EPSS0.00489

SSVC

CWE-502