Lucene search
K

67 matches found

CNNVD
CNNVD
added 2024/09/05 12:0 a.m.4 views

WordPress plugin Geo Controller 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS7.4AI score0.00339EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/09/05 12:0 a.m.17 views

WordPress Geo Controller Plugin <= 8.7.3 is vulnerable to Broken Access Control

Software Geo Controller Type Plugin Vulnerable versions = 8.7.3 Fixed in 8.7.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7380 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c241dd8210b8 Credits Lucio Sá Required privilege...

4.3CVSS6.6AI score0.00266EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/05/01 6:15 a.m.16 views

CVE-2024-3591

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

6.5CVSS6.9AI score0.00489EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/05/01 6:0 a.m.18 views

CVE-2024-3591 WordPress Geo Controller < 8.6.5 - PHP Object Injection

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

6.8AI score0.00489EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/05/01 6:0 a.m.20 views

CVE-2024-3591 WordPress Geo Controller < 8.6.5 - PHP Object Injection

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

7.2AI score0.00489EPSS
Exploits2References1
CVE
CVE
added 2024/05/01 6:0 a.m.140 views

CVE-2024-3591

CVE-2024-3591 affects the WordPress plugin Geo Controller up to version 8.6.5. The issue arises from unserializing user input in certain AJAX actions and REST API routes, enabling unauthenticated users to perform a PHP Object Injection if a suitable gadget is present on the blog. Evidence across ...

6.5CVSS7.1AI score0.00489EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/05/01 12:0 a.m.9 views

WordPress plugin Geo Controller 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS7AI score0.00489EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.8 views

PT-2024-26777 · WordPress · Geo Controller

Name of the Vulnerable Software and Affected Versions: Geo Controller WordPress plugin versions prior to 8.6.5 Description: The issue allows unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog, due to the plugin unserializing user input via some of...

6.5CVSS7.7AI score0.00489EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2024/04/10 12:0 a.m.22 views

WordPress Geo Controller < 8.6.5 - PHP Object Injection

Description The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. PoC...

7AI score0.00489EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2024/04/10 12:0 a.m.173 views

WordPress Geo Controller < 8.6.5 - PHP Object Injection

Description The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

7.2AI score0.00489EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

Geo Controller < 8.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Geo Controller plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/03/29 5:15 p.m.26 views

CVE-2024-30451

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in INFINITUM FORM Geo Controller allows Stored XSS.This issue affects Geo Controller: from n/a through 8.6.4...

6.5CVSS6.4AI score0.00351EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/29 4:42 p.m.12 views

CVE-2024-30451 WordPress Geo Controller plugin <= 8.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in INFINITUM FORM Geo Controller allows Stored XSS.This issue affects Geo Controller: from n/a through 8.6.4...

6.5CVSS6.7AI score0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/29 4:42 p.m.28 views

CVE-2024-30451 WordPress Geo Controller plugin <= 8.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in INFINITUM FORM Geo Controller allows Stored XSS.This issue affects Geo Controller: from n/a through 8.6.4...

6.5CVSS6.6AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2024/03/29 4:42 p.m.64 views

CVE-2024-30451

CVE-2024-30451 : The Red Hat page confirms an improper input neutralization in the INFINITUM Geo Controller (Geo Controller cf-geoplugin) WordPress plugin, causing a Stored XSS. Affected versions are Geo Controller up to 8.6.4 (inclusive). Root cause: input is not properly sanitized during web pa...

6.5CVSS8.7AI score0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.3 views

WordPress Plugin Geo Controller 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...

6.5CVSS7.7AI score0.00351EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.4 views

PT-2024-23380 · Unknown · Infinitum Form Geo Controller

Name of the Vulnerable Software and Affected Versions: INFINITUM FORM Geo Controller versions n/a through 8.6.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacke...

6.5CVSS9.1AI score0.00351EPSS
Exploits0References5
NVD
NVD
added 2024/03/28 5:15 a.m.19 views

CVE-2024-30227

Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4...

9CVSS9.2AI score0.00597EPSS
Exploits0References1
CVE
CVE
added 2024/03/28 4:55 a.m.50 views

CVE-2024-30227

The CVE-2024-30227 entry concerns the WordPress Geo Controller plugin (≤ 8.6.4). The vulnerability is due to Deserialization of Untrusted Data leading to PHP Object Injection, with unauthenticated exploitation possible. Impact is high (confidentiality, integrity, availability all affected) and CV...

9CVSS5.2AI score0.00597EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/28 4:55 a.m.8 views

CVE-2024-30227 WordPress Geo Controller plugin <= 8.6.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4...

9CVSS7AI score0.00597EPSS
Exploits0References1
Rows per page
Query Builder