The Geo Controller plugin for WordPress is vulnerable to...
Moderate severity
Unreviewed
Published
Sep 5, 2024
to the GitHub Advisory Database
•
Updated Sep 5, 2024
Description
Published by the National Vulnerability Database
Sep 5, 2024
Published to the GitHub Advisory Database
Sep 5, 2024
Last updated
Sep 5, 2024
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.
References