VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 7 known issues Latest disclosed Dec 11, 2024

GEO my WP Vulnerabilities

Review known vulnerability records for the WordPress plugin GEO my WP (`geo-my-wp`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-54326, CVE-2024-9422 and CVE-2024-47327, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
7
High or Critical
2
Patch Coverage
100%
Last Updated
Dec 19, 2024
Priority CVE Quick Links

Fast paths into GEO my WP CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
7
CVE-2024-6330 Critical 4.5.0.2
CVE-2024-6330 GEO my WP Local File Inclusion

GEO my WordPress <= 4.5.0.1 - Unauthenticated Local File Inclusion

CVE-2024-9422 High 4.5
CVE-2024-9422 GEO my WP Remote Code Execution

GEO My WordPress <= 4.4.0.2 - Authenticated (Admin+) Arbitrary File Upload

CVE-2023-52134 Medium 4.0.3
CVE-2023-52134 GEO my WP SQL Injection

GEO my WordPress <= 4.0.2 - Authenticated(Administrator+) SQL Injection

CVE-2023-5467 Medium 4.0.1
CVE-2023-5467 GEO my WP Stored Cross-Site Scripting

GEO my WordPress <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE-2024-47327 Medium 4.5.0.4
CVE-2024-47327 GEO my WP Cross-Site Scripting

GEO my WordPress <= 4.5.0.3 - Reflected Cross-Site Scripting

CVE-2024-54326 Medium 4.5.1
CVE-2024-54326 GEO my WP Vulnerability

GEO my WordPress <= 4.5.0.4 - Missing Authorization via get_field_options_ajax

CVE-2024-32097 Medium 4.2
CVE-2024-32097 GEO my WP Cross-Site Request Forgery

GEO my WordPress <= 4.1 - Cross-Site Request Forgery

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for GEO my WP so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
7 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 1 high severity finding.
Recent CVEs
CVE-2024-54326, CVE-2024-9422 and CVE-2024-47327
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for GEO my WP

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-54326
CVE-2024-54326: GEO my WordPress <= 4.5.0.4 - Missing Authorization via get_field_options_ajax

The GEO my WordPress plugin for WordPress is vulnerable to unauthorized access to data due to a missing capability check on the get_field_options_ajax function in versions up to, and including, 4.5.0.4. This makes it possible for authenticated attackers, with subscriber-level acc...

Published
Dec 11, 2024
Patched Release
4.5.1
Affected Versions
Versions up to 4.5.0.4
Next Step
Update to 4.5.1 or newer if supported.
Open CVE-2024-54326 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-9422
CVE-2024-9422: GEO My WordPress <= 4.4.0.2 - Authenticated (Admin+) Arbitrary File Upload

The GEO My WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including 4.4.0.2 (or version up to 3.1 for premium). This makes it possible for authenticated attackers, with Administrator-level access a...

Published
Oct 31, 2024
Patched Release
4.5
Affected Versions
4.0 through 4.4.0.2
Next Step
Update to 4.5 or newer if supported.
Open CVE-2024-9422 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-47327
CVE-2024-47327: GEO my WordPress <= 4.5.0.3 - Reflected Cross-Site Scripting

The GEO my WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

Published
Sep 25, 2024
Patched Release
4.5.0.4
Affected Versions
Versions up to 4.5.0.3
Next Step
Update to 4.5.0.4 or newer if supported.
Open CVE-2024-47327 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-6330
CVE-2024-6330: GEO my WordPress <= 4.5.0.1 - Unauthenticated Local File Inclusion

The GEO my WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.5.0.1 via the 'form[info_window_template][content_path]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

Published
Jul 29, 2024
Patched Release
4.5.0.2
Affected Versions
Versions up to 4.5.0.1
Next Step
Update to 4.5.0.2 or newer if supported.
Open CVE-2024-6330 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-32097
CVE-2024-32097: GEO my WordPress <= 4.1 - Cross-Site Request Forgery

The GEO my WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions vi...

Published
Apr 11, 2024
Patched Release
4.2
Affected Versions
Versions up to 4.1
Next Step
Update to 4.2 or newer if supported.
Open CVE-2024-32097 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-52134
CVE-2023-52134: GEO my WordPress <= 4.0.2 - Authenticated(Administrator+) SQL Injection

The GEO my WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to 4.0.3 (exclusive) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated atta...

Published
Dec 28, 2023
Patched Release
4.0.3
Affected Versions
Versions before 4.0.3
Next Step
Update to 4.0.3 or newer if supported.
Open CVE-2023-52134 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-5467
CVE-2023-5467: GEO my WordPress <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers w...

Published
Oct 09, 2023
Patched Release
4.0.1
Affected Versions
Versions up to 4.0
Next Step
Update to 4.0.1 or newer if supported.
Open CVE-2023-5467 Report Open CVE Reference