Vulnerabilities and security researches formy-geo-posts-free my-geo-posts-free

Jun 07, 2024

CVE, Research URL: 4bbb658dde36e1260617a340f6fe7cbc254765e3
Home page URL: Security reports for My Geo Posts Free
Application: My Geo Posts Free
Date: Apr 27, 2017
Research Description: My Geo Posts Free [my-geo-posts-free] <= 1.2 (unfixed) My Geo Posts Free <= 1.2 - PHP Object Injection The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This allows unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions: max 1.2.
Status: vulnerable

Nov 19, 2024

CVE, Research URL: CVE-2024-52433
Home page URL: Security reports for My Geo Posts Free
Application: My Geo Posts Free
Date: Nov 18, 2024
Research Description: Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2.
Affected versions: max 1.2.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-11863
Home page URL: Security reports for My Geo Posts Free
Application: My Geo Posts Free
Date: Nov 11, 2025
Research Description: The My Geo Posts Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mygeo_city' shortcode in all versions up to, and including, 1.2. This is due to the plugin not properly sanitizing user input or escaping output of the 'default' shortcode attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.2.
Status: vulnerable