CVE-2024-9422

CVSS 3.1 Score 6.6 of 10 (medium)

Details

Published Nov 22, 2024

Summary

CVE-2024-9422 is a vulnerability affecting the GEO my WP and gmw-premium-settings plugins for WordPress. These plugins, before versions 4.5 and 3.1 respectively, fail to adequately validate uploaded files, creating an opportunity for attackers to upload arbitrary files. Successful exploitation could result in the execution of malicious PHP code on the server. WordPress users are advised to update these plugins to the latest versions to mitigate the risk of this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share