
67 matches found

Positive Technologies
added 2024/09/05 12:0 a.m. · 3 views

PT-2024-38310 · WordPress · Geo Controller

Name of the Vulnerable Software and Affected Versions: Geo Controller plugin for WordPress versions up to, and including, 8.6.9
Description: The issue arises from missing capability checks on the ajax geolocate menu and ajax geolocate remove menu functions, allowing authenticated attackers with...

CVSS 4.3 · AI score 6.4 · EPSS 0.00122
Exploits: 0 · References: 10
CNNVD
added 2024/09/05 12:0 a.m. · 2 views

WordPress plugin Geo Controller security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.3 · EPSS 0.00122
Exploits: 0 · References: 4
NVD
added 2024/05/01 6:15 a.m. · 13 views

CVE-2024-3591

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVSS 6.5 · AI score 6.9 · EPSS 0.00499
Exploits: 2 · References: 1
Vulnrichment
added 2024/05/01 6:0 a.m. · 16 views

CVE-2024-3591 WordPress Geo Controller < 8.6.5 - PHP Object Injection

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

AI score 6.8 · EPSS 0.00499
Exploits: 2 · References: 1
Cvelist
added 2024/05/01 6:0 a.m. · 17 views

CVE-2024-3591 WordPress Geo Controller < 8.6.5 - PHP Object Injection

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

AI score 7.2 · EPSS 0.00499
Exploits: 2 · References: 1
CVE
added 2024/05/01 6:0 a.m. · 128 views

CVE-2024-3591

CVE-2024-3591 affects the WordPress plugin Geo Controller up to version 8.6.5. The issue arises from unserializing user input in certain AJAX actions and REST API routes, enabling unauthenticated users to perform a PHP Object Injection if a suitable gadget is present on the blog. Evidence across ...

CVSS 6.5 · AI score 7.1 · EPSS 0.00499
Exploits: 2 · References: 1 · Affected Software: 1
CNNVD
added 2024/05/01 12:0 a.m. · 6 views

WordPress plugin Geo Controller security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 · AI score 7 · EPSS 0.00499
Exploits: 2 · References: 2
Positive Technologies
added 2024/04/30 12:0 a.m. · 6 views

PT-2024-26777 · WordPress · Geo Controller

Name of the Vulnerable Software and Affected Versions: Geo Controller WordPress plugin versions prior to 8.6.5
Description: The issue allows unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog, due to the plugin unserializing user input via some of...

CVSS 6.5 · AI score 7.7 · EPSS 0.00499
Exploits: 2 · References: 4
wpexploit
added 2024/04/10 12:0 a.m. · 165 views

WordPress Geo Controller < 8.6.5 - PHP Object Injection

Description: The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

AI score 7.2 · EPSS 0.00499
Exploits: 2 · References: 1
WPVulnDB
added 2024/04/10 12:0 a.m. · 21 views

WordPress Geo Controller < 8.6.5 - PHP Object Injection

Description: The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. PoC...

AI score 7 · EPSS 0.00499
Exploits: 2 · References: 1 · Affected Software: 1
WPVulnDB
added 2024/04/03 12:0 a.m. · 13 views

Geo Controller < 8.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The Geo Controller plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

CVSS 6.5 · AI score 5.8 · EPSS 0.00178
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2024/03/29 5:15 p.m. · 10 views

CVE-2024-30451

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in INFINITUM FORM Geo Controller allows Stored XSS. This issue affects Geo Controller: from n/a through 8.6.4...

CVSS 6.5 · AI score 6.4 · EPSS 0.00178
Exploits: 0 · References: 1
Vulnrichment
added 2024/03/29 4:42 p.m. · 12 views

CVE-2024-30451 WordPress Geo Controller plugin <= 8.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in INFINITUM FORM Geo Controller allows Stored XSS. This issue affects Geo Controller: from n/a through 8.6.4...

CVSS 6.5 · AI score 6.7 · EPSS 0.00178
Exploits: 0 · References: 1
Cvelist
added 2024/03/29 4:42 p.m. · 15 views

CVE-2024-30451 WordPress Geo Controller plugin <= 8.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in INFINITUM FORM Geo Controller allows Stored XSS. This issue affects Geo Controller: from n/a through 8.6.4...

CVSS 6.5 · AI score 6.6 · EPSS 0.00178
Exploits: 0 · References: 1
CVE
added 2024/03/29 4:42 p.m. · 61 views

CVE-2024-30451

CVE-2024-30451: The Red Hat page confirms an improper input neutralization in the INFINITUM Geo Controller (Geo Controller cf-geoplugin) WordPress plugin, causing a Stored XSS. Affected versions are Geo Controller up to 8.6.4 (inclusive). Root cause: input is not properly sanitized during web pa...

CVSS 6.5 · AI score 8.7 · EPSS 0.00178
Exploits: 0 · References: 1
CNNVD
added 2024/03/29 12:0 a.m. · 2 views

WordPress Plugin Geo Controller cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...

CVSS 6.5 · AI score 7.7 · EPSS 0.00178
Exploits: 0 · References: 2
Positive Technologies
added 2024/03/29 12:0 a.m. · 3 views

PT-2024-23380 · Unknown · Infinitum Form Geo Controller

Name of the Vulnerable Software and Affected Versions: INFINITUM FORM Geo Controller versions n/a through 8.6.4
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacke...

CVSS 6.5 · AI score 9.1 · EPSS 0.00178
Exploits: 0 · References: 5
NVD
added 2024/03/28 5:15 a.m. · 7 views

CVE-2024-30227

Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller. This issue affects Geo Controller: from n/a through 8.6.4...

CVSS 9 · AI score 9.2 · EPSS 0.00168
Exploits: 0 · References: 1
CVE
added 2024/03/28 4:55 a.m. · 48 views

CVE-2024-30227

The CVE-2024-30227 entry concerns the WordPress Geo Controller plugin (≤ 8.6.4). The vulnerability is due to Deserialization of Untrusted Data leading to PHP Object Injection, with unauthenticated exploitation possible. Impact is high (confidentiality, integrity, availability all affected) and CV...

CVSS 9 · AI score 5.2 · EPSS 0.00168
Exploits: 0 · References: 1
Cvelist
added 2024/03/28 4:55 a.m. · 12 views

CVE-2024-30227 WordPress Geo Controller plugin <= 8.6.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller. This issue affects Geo Controller: from n/a through 8.6.4...

CVSS 9 · AI score 9.3 · EPSS 0.00168
Exploits: 0 · References: 1