VYPR

Geo My Wp

by WordPress

Source repositories

CVEs (9)

  • CVE-2026-52715CriJun 16, 2026
    risk 0.60cvss 9.3epss 0.00

    Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.

  • CVE-2024-47327HigOct 6, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Reflected XSS.This issue affects GEO my WordPress: from n/a through <= 4.5.0.3.

  • CVE-2026-9757HigMay 30, 2026
    risk 0.42cvss 7.5epss 0.00

    The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing WordPress's wp_magic_quotes protection,…

  • CVE-2025-62904MedOct 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Huson WP Geo wp-geo allows Stored XSS.This issue affects WP Geo: from n/a through <= 3.5.1.

  • CVE-2024-54326MedDec 13, 2024
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GEO my WordPress: from n/a through <= 4.5.0.4.

  • CVE-2023-5467MedOct 10, 2023
    risk 0.42cvss 6.4epss 0.00

    The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers…

  • CVE-2024-32097MedApr 15, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through 4.1.

  • CVE-2024-6330Aug 19, 2024
    risk 0.03cvss epss 0.02

    The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.

  • CVE-2024-9422Nov 22, 2024
    risk 0.00cvss epss 0.01

    The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.