cleantalk
Vulnerabilities and Security Researches

Geo2 Maps Add-on for NextGEN Gallery, 4624f982-a331-414c-88c3-12761807ec95

CVE, Research URL

4624f982-a331-414c-88c3-12761807ec95

Home page URL

Security reports for Geo2 Maps Add-on for NextGEN Gallery

Application

Geo2 Maps Add-on for NextGEN Gallery

Published on
-
Research Description
Geo2 Maps Add-on for NextGEN Gallery [nextgen-gallery-geo] < 2.0.3 (closed) Geo2 Maps Add-on for NextGEN Gallery &lt; 2.0.3 - Unauthenticated PHP Object Injection The plugin nextgen-gallery-geo insecurely trusts serialised data submitted over the AJAX ngg_geo_showmap (v &lt;= 1.0.0) or geo2_maps_showmap (v &lt;= 2.0.2) actions, available to both unauthenticated and authenticated users. This opens up the site to a PHP object injection vulnerability potential exploit vector.
Affected versions
Min -, max 2.0.3.
Status
vulnerable
Previous vulnerability researches
Geo2 Maps Add-on for NextGEN Gallery (4624f982-a331-414c-88c3-12761807ec95) , Jun 07, 2024
NextGEN Gallery Voting (CVE-2025-28869) , Mar 26, 2025
NextGEN Gallery Voting (488bd710de9089b64a6d30cba806517c0fb9fdf5) , Jun 07, 2024
WordPress Gallery Plugin &#8211; NextGEN Gallery (CVE-2024-5020) , Dec 06, 2024
WordPress Gallery Plugin &#8211; NextGEN Gallery (CVE-2024-10545) , Feb 27, 2025
New vulnerability
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2025-48341) , May 21, 2025
Back Button Widget (CVE-2025-48252) , May 21, 2025
Cloudflare Turnstile or reCAPTCHA For All Pages, to Block Spam and Hackers Attack, Block Visitors from China (CVE-2025-48243) , May 21, 2025
Free Shipping Amount Label &amp; Progress Bar for WooCommerce (CVE-2025-48253) , May 21, 2025
WordPress Gallery Plugin &#8211; NextGEN Gallery (CVE-2024-5878) , May 21, 2025