CVE-2024-6330 in GEO my WP Plugin

Summary

by MITRE • 08/19/2024

The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.


Analysis

by VulDB Data Team • 05/28/2025

The vulnerability identified as CVE-2024-6330 affects the GEO my WP WordPress plugin version 4.5.0.1 and earlier and presents a critical security risk: unauthenticated attackers can achieve remote code execution through arbitrary file inclusion. The flaw lies in the plugin's handling of user-supplied request parameters, which are incorporated into PHP's include or require statements without adequate sanitization or validation. Because the input that reaches PHP's file inclusion functions is not validated, an attacker can control which file is included, creating a pathway to arbitrary code execution on the target system.

The technical exploitation of this vulnerability occurs when an attacker crafts malicious input that gets processed by the plugin's code path, ultimately leading to PHP's include or require functions executing unintended files. This type of vulnerability falls under the Common Weakness Enumeration category CWE-94, which specifically addresses "Improper Control of Generation of Code ('Code Injection')" and represents a subset of the broader CWE-74 category for "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')." The flaw demonstrates characteristics of a remote code execution vulnerability where attackers can execute arbitrary PHP code on the web server, potentially gaining full control over the affected WordPress installation.

From an operational perspective, this vulnerability poses a significant risk to WordPress installations running the affected GEO my WP plugin version. Because the attack requires no authentication, anyone who can reach the web application can exploit the flaw, which makes it particularly dangerous where the plugin is widely deployed or where the vulnerable endpoint is easy to discover. The impact extends beyond code execution: attackers can use this capability to establish persistent access, exfiltrate sensitive data, modify website content, or use the compromised system as a launch point for further attacks within the network. The severity is amplified by the plugin's wide deployment, which potentially exposes numerous websites to compromise.

Mitigation strategies for CVE-2024-6330 should prioritize immediate plugin updates to version 4.5.0.2 or later, which contains the necessary patches to address the arbitrary file inclusion vulnerability. System administrators should also implement additional defensive measures such as restricting file inclusion functions through PHP configuration settings, implementing web application firewalls to detect and block malicious requests, and monitoring for unusual file access patterns or execution attempts. The vulnerability aligns with tactics described in the MITRE ATT&CK framework under the T1059.007 technique for "Command and Scripting Interpreter: PowerShell" and T1566.001 for "Phishing: Spearphishing Attachment," as attackers could leverage this vulnerability to execute malicious code and establish persistence within the compromised environment. Organizations should also conduct thorough security assessments to identify any other potentially vulnerable plugins or components that may present similar attack surfaces, as the exploitation of such vulnerabilities can lead to complete system compromise and data breaches.
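As an added illustration (not code from GEO my WP, WPScan or this advisory), the following generic PHP handler shows the weak pattern the analysis describes, a request parameter flowing straight into require, beside a hardened form that maps the parameter through a fixed allowlist and confirms the resolved path stays inside the template directory. The parameter name, the template names and the directory layout are assumptions made for the example.

```php
<?php
// Added example, not the plugin's code: a generic "template" include handler
// in the weak form described in the analysis, and a hardened alternative.

// Weak pattern: the request parameter flows straight into require, so the
// caller decides which file PHP executes (the file inclusion flaw class this
// advisory describes). The parameter name 'template' is an assumption.
function render_template_unsafe(array $request): void
{
    $template = $request['template'] ?? 'default';
    require __DIR__ . '/templates/' . $template . '.php';
}

// Hardened form: the parameter is only ever used as a key into a fixed
// allowlist, never as part of a path, and the resolved file is checked to
// sit inside the template directory before it is included.
const ALLOWED_TEMPLATES = [
    'default' => 'default.php',
    'map'     => 'map.php',
    'list'    => 'list.php',
];

function resolve_template(string $name): ?string
{
    if (!array_key_exists($name, ALLOWED_TEMPLATES)) {
        return null;
    }
    $base = realpath(__DIR__ . '/templates');
    if ($base === false) {
        return null;
    }
    // realpath() returns false for a missing file and resolves symlinks and
    // "..", so the prefix check below catches anything outside $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . ALLOWED_TEMPLATES[$name]);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

function render_template_safe(array $request): void
{
    $path = resolve_template((string) ($request['template'] ?? 'default'));
    if ($path === null) {
        http_response_code(400);
        echo 'Unknown template';
        return;
    }
    require $path;
}

// Example dispatch: $_GET is the untrusted input in a real request.
render_template_safe($_GET);
```

The allowlist is the primary control; the realpath prefix check is defence in depth against a misconfigured allowlist entry or a symlinked template directory. The PHP configuration settings the mitigation paragraph mentions map onto two real php.ini directives: `allow_url_include = Off` (the default) blocks include/require of remote URLs, and `open_basedir` restricts the filesystem paths PHP may open. Neither replaces input validation, since a local file inclusion still works with both set.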

Responsible

WPScan

Reservation

06/25/2024

Disclosure

08/19/2024

Moderation

accepted

CPE

ready

EPSS

0.02143

KEV

no

Activities

very low
