cleantalk
Vulnerabilities and Security Researches

Geo Controller, CVE-2024-3591

CVE, Research URL

CVE-2024-3591

Home page URL

Security reports for Geo Controller

Application

Geo Controller

Published on
May 01, 2024
Research Description
The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
Affected versions
max 8.6.5.
Status
vulnerable
Previous vulnerability researches
Geo Controller (CVE-2025-62109) , Dec 11, 2025
Geo Controller (47880aa7-17ce-490a-9aed-c4ff9113b52d) , Jun 07, 2024
Geo Controller (CVE-2024-3591) , Jun 07, 2024
Geo Controller (CVE-2024-30227) , Jun 07, 2024
Geo Controller (CVE-2024-30451) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025