6 matches found
My Geo Posts Free <= 1.2 - PHP Object Injection
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...
CVE-2024-52433
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2...
CVE-2024-52433
creationtimestamp| type| source ---|---|--- 2024-11-18 14:25:01+00:00| seen| https://infosec.exchange/users/cve/statuses/113504413378781317 2024-11-18 17:23:06+00:00| seen| https://t.me/cvedetector/11339 2024-11-28 10:31:19+00:00| published-proof-of-concept| https://t.me/fourrays/17 2024-12-11...
CVE-2024-52433 WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2...
CVE-2024-52433
The CVE CVE-2024-52433 affects My Geo Posts Free (WordPress plugin) up to version 1.2. It is a PHP Object Injection vulnerability triggered by deserialization of untrusted input, allowing unauthenticated object injection. The Nuclei template specifies the flaw is in versions up to 1.2 and notes n...
WordPress My Geo Posts Free Plugin <= 1.2 is vulnerable to PHP Object Injection
Software My Geo Posts Free Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52433 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID abf48ca2de6d Credits Mika Required privilege Unauthenticated...