1 results (0.001 seconds)
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-9422 – GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9422
31 Oct 2024 — The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. The GEO My WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including 4.4.0.2 (or version up to 3.1 for premium). This makes it possible for authenticated attackers, with Administrator-level access and abo... • https://wpscan.com/vulnerability/81320923-767c-43f0-a8eb-b398c306c16f • CWE-434: Unrestricted Upload of File with Dangerous Type •