Medium severity5.3NVD Advisory· Published Sep 5, 2024· Updated Jun 17, 2026
CVE-2024-7381
CVE-2024-7381
Description
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- cpe:2.3:a:infinitumform:geo_controller:*:*:*:*:*:wordpress:*:*Range: <=8.6.9
<=8.6.9+ 1 more
- (no CPE)range: <=8.6.9
- (no CPE)
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.