7 matches found
CVE-2025-4103
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpajaxwpgmstartgeojsonimport function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their...
CVE-2025-4103
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpajaxwpgmstartgeojsonimport function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their...
CVE-2025-4103
CVE-2025-4103 affects the WordPress plugin WP-GeoMeta (versions 0.3.4–0.3.5). The vulnerability is a Privilege Escalation caused by a missing capability check in the function wp_ajax_wpgm_start_geojson_import(), enabling authenticated users with Subscriber-level access and above to elevate to Adm...
CVE-2025-4103 WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpajaxwpgmstartgeojsonimport function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their...
CVE-2025-4103 WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpajaxwpgmstartgeojsonimport function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their...
WordPress plugin WP-GeoMeta 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. An authorization...
PT-2025-23371 · WordPress · Wp-Geometa
Name of the Vulnerable Software and Affected Versions: WP-GeoMeta plugin for WordPress versions 0.3.4 through 0.3.5 Description: The issue is related to a missing capability check on the wp ajax wpgm start geojson import function, allowing authenticated attackers with Subscriber-level access and...