cleantalk
Vulnerabilities and Security Researches

My Geo Posts Free, 4bbb658dde36e1260617a340f6fe7cbc254765e3

CVE, Research URL

4bbb658dde36e1260617a340f6fe7cbc254765e3

Home page URL

Security reports for My Geo Posts Free

Application

My Geo Posts Free

Published on
Apr 27, 2017
Research Description
My Geo Posts Free [my-geo-posts-free] <= 1.2 (unfixed) My Geo Posts Free <= 1.2 - PHP Object Injection The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This allows unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions
max 1.2.
Status
vulnerable
Previous vulnerability researches
My Geo Posts Free (CVE-2025-11863) , Dec 11, 2025
My Geo Posts Free (CVE-2024-52433) , Nov 19, 2024
My Geo Posts Free (4bbb658dde36e1260617a340f6fe7cbc254765e3) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs &#8211; Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025