10 matches found
CVE-2026-15300
CVE-2026-15300 affects the GEO my WP WordPress plugin up to version 4.5.4. An SQL injection exists via the distance, lat, and lng parameters. Values are read from $_SERVER['QUERY_STRING'] with parse_str(), then passed through bare esc_sql() and interpolated into unquoted numeric positions in the ...
CVE-2026-9757
The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...
CVE-2026-9757 GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters
The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...
CVE-2024-6330
The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution...
CVE-2024-9422
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
CVE-2024-9422
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
CVE-2024-47327 WordPress GEO my WP plugin <= 4.5.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Eyal Fitoussi GEO my WordPress allows Reflected XSS.This issue affects GEO my WordPress: from n/a through 4.5.0.3...
CVE-2024-47327 WordPress GEO my WP plugin <= 4.5.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Reflected XSS.This issue affects GEO my WordPress: from n/a through = 4.5.0.3...
CVE-2024-6330
The CVE-2024-6330 entry concerns GEO my WP WordPress plugin prior to version 4.5.0.2. The vulnerability is an unauthenticated Local File Inclusion that allows attackers to cause Remote Code Execution by including arbitrary files in PHP’s execution context. Affected software is specifically GEO my...
PT-2024-37545 · WordPress · Geo My Wp
Name of the Vulnerable Software and Affected Versions: GEO my WP WordPress plugin versions prior to 4.5.0.2 Description: The issue allows unauthenticated attackers to include arbitrary files in PHP's execution context, leading to Remote Code Execution. This can be exploited by including malicious...