CVE-2024-6330

CRITICAL

GEO my WP <4.5.0.2 - RCE

Title source: llm

Description

The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.

Exploits (1)

nomisec WORKING POC

by RandomRobbieBF · poc

https://github.com/RandomRobbieBF/CVE-2024-6330

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/

Scores

CVSS v3 9.8

EPSS 0.4353

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (1)

geomywp/geo_my_wordpress < 4.5.0.2

Timeline

Published Aug 19, 2024

Tracked Since Feb 18, 2026