My Geo Posts Free <= 1.2 - PHP Object Injection

The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...

CVE-2025-11863

The My Geo Posts Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mygeocity' shortcode in all versions up to, and including, 1.2. This is due to the plugin not properly sanitizing user input or escaping output of the 'default' shortcode attribute. This makes it...

PT-2025-46258

Name of the Vulnerable Software and Affected Versions My Geo Posts Free plugin for WordPress versions prior to 1.3 Description The My Geo Posts Free plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'mygeo city' shortcode. This occurs because the plugin does not...

WordPress plugin My Geo Posts Free 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress My Geo Posts Free plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin My Geo Posts Free versions = 1.2...

CVE-2024-52433

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through = 1.2...

CVE-2024-52433

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through = 1.2...

CVE-2024-52433

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2...

CVE-2024-52433 WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2...

CVE-2024-52433 WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through = 1.2...

PT-2024-35273 · Unknown · My Geo Posts Free

Name of the Vulnerable Software and Affected Versions: My Geo Posts Free versions 1.2 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can be exploited due to the deserialization of untrusted data, potentially leading to...

WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin My Geo Posts Free versions = 1.2...

WordPress My Geo Posts Free Plugin <= 1.2 is vulnerable to PHP Object Injection

Software My Geo Posts Free Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52433 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID abf48ca2de6d Credits Mika Required privilege Unauthenticated...

My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection

The plugin my-geo-posts-free insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Attack is exploitable over HTTP requests to sites with the my-geo-posts-free Plugin. The original researcher...