cleantalk
Vulnerabilities and Security Researches

GEO my WordPress, CVE-2023-5467

CVE, Research URL

CVE-2023-5467

Home page URL

Security reports for GEO my WordPress

Application

GEO my WordPress

Published on
Oct 10, 2023
Research Description
The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 4.0.1.
Status
vulnerable
Previous vulnerability researches
GEO my WordPress (CVE-2026-9757) , Jun 01, 2026
GEO my WordPress (CVE-2024-54326) , Dec 15, 2024
GEO my WordPress (CVE-2024-9422) , Nov 24, 2024
GEO my WordPress (CVE-2024-47327) , Sep 28, 2024
GEO my WordPress (CVE-2024-32097) , Jun 07, 2024
New vulnerability
GEO my WordPress (CVE-2026-9757) , Jun 01, 2026
StatCounter – Free Real Time Visitor Stats (CVE-2026-6275) , May 31, 2026
Post Snippets – Custom WordPress Code Snippets Customizer (CVE-2026-7430) , May 31, 2026
Poll Maker – Best WordPress Poll Plugin (CVE-2026-8995) , May 31, 2026
Login with phone number (CVE-2026-3655) , May 31, 2026