The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
History

Fri, 22 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Geomywp
Geomywp geo My Wordpress
CPEs cpe:2.3:a:geomywp:geo_my_wordpress:*:*:*:*:*:wordpress:*:*
Vendors & Products Geomywp
Geomywp geo My Wordpress
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 Nov 2024 06:15:00 +0000

Type Values Removed Values Added
Description The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
Title GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-11-22T06:00:04.194Z

Updated: 2024-11-22T17:52:16.250Z

Reserved: 2024-10-01T20:26:08.308Z

Link: CVE-2024-9422

cve-icon Vulnrichment

Updated: 2024-11-22T17:46:09.517Z

cve-icon NVD

Status : Received

Published: 2024-11-22T06:15:20.370

Modified: 2024-11-22T18:15:18.287

Link: CVE-2024-9422

cve-icon Redhat

No data.