Vulnerabilities > Infinitumform

DATE CVE VULNERABILITY TITLE RISK
2024-09-05 CVE-2024-7380 Missing Authorization vulnerability in Infinitumform GEO Controller
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9.
network
low complexity
infinitumform CWE-862
4.3
4.3
2024-09-05 CVE-2024-7381 Missing Authorization vulnerability in Infinitumform GEO Controller
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9.
network
low complexity
infinitumform CWE-862
5.3
5.3