Unrated severityNVD Advisory· Published Nov 22, 2024· Updated Nov 22, 2024

GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload

CVE-2024-9422

Description

The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.

Affected products

WordPress/Geo My Wpv5
Range: 4.0
Package: https://wordpress.org/plugins/geo-my-wp

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/81320923-767c-43f0-a8eb-b398c306c16f/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000