CVE-2024-7381

Name of the Vulnerable Software and Affected Versions Geo Controller plugin for WordPress versions up to, and including, 8.6.9

Description The issue arises from missing authorization and capability checks on the ajax shortcode cache function, allowing unauthenticated attackers to execute arbitrary shortcodes available on the target site. This enables potential exploitation without the need for authentication.

Recommendations For versions up to, and including, 8.6.9, consider disabling the ajax shortcode cache function as a temporary workaround until a patch is available. Restrict access to the Geo Controller plugin to minimize the risk of exploitation. Avoid using the Geo Controller plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.