The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.

Related CVEs

CVE-2024-7381

Key Information

GHSA ID

GHSA-4q7x-mgpp-gv6h

Published

September 5, 2024 12:31 PM

Last Modified

September 5, 2024 12:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 17, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.