4 matches found
CVE-2025-4103
creationtimestamp| type| source ---|---|--- 2025-05-31 07:12:29+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqh6zvdkpid2 2025-05-31 09:37:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqhh5uz7v42q...
CVE-2025-4103 WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpajaxwpgmstartgeojsonimport function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their...
CVE-2025-4103 WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpajaxwpgmstartgeojsonimport function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their...
WordPress WP-GeoMeta plugin 0.3.4-0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation via wpajaxwpgmstartgeojsonimport Function vulnerability discovered by kr0d in WordPress Plugin WP-GeoMeta versions 0.3.4-0.3.5...