WordPress Plugin Vulnerabilities
GEO my WordPress < 4.5.0.2 - Unauthenticated LFI to RCE/PHAR Deserialization
Description
The plugin does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which can lead to Remote Code Execution and PHAR Deserialization.
Proof of Concept
Affects Plugins
Fixed in 4.5.0.2 References
CVE
Classification
Type
RCE
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Michael Dyrna
Submitter
Michael Dyrna
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-07-29 (about 1 year ago)
Added
2024-07-29 (about 1 year ago)
Last Updated
2024-08-12 (about 1 year ago)
WPScan 