My Geo Posts Free <= 1.2 - PHP Object Injection

The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...

CVE-2025-11863

The My Geo Posts Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mygeocity' shortcode in all versions up to, and including, 1.2. This is due to the plugin not properly sanitizing user input or escaping output of the 'default' shortcode attribute. This makes it...

PT-2025-46258

Name of the Vulnerable Software and Affected Versions My Geo Posts Free plugin for WordPress versions prior to 1.3 Description The My Geo Posts Free plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'mygeo city' shortcode. This occurs because the plugin does not...

WordPress plugin My Geo Posts Free 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2024-52433

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through = 1.2...

CVE-2024-52433

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through = 1.2...

CVE-2024-52433

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2...