CVE-2024-6330

9.8 CRITICAL

📋 TL;DR

The GEO my WP WordPress plugin before version 4.5.0.2 contains a critical vulnerability that allows unauthenticated attackers to include arbitrary files in PHP's execution context, leading to remote code execution. This affects all WordPress sites using vulnerable versions of the plugin, potentially compromising the entire web server.

💻 Affected Systems

Products:
  • GEO my WP WordPress plugin
Versions: All versions before 4.5.0.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise allowing attackers to execute arbitrary code, steal sensitive data, install backdoors, deface websites, or pivot to internal networks.

🟠 Likely Case

Website defacement, data theft, malware installation, and credential harvesting from the compromised WordPress installation.

🟢 If Mitigated

Limited impact if proper network segmentation, file integrity monitoring, and least privilege principles are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and has publicly available proof-of-concept code, making exploitation trivial.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.0.2

Vendor Advisory: https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find the GEO my WP plugin.
4. Click 'Update Now' to update to version 4.5.0.2 or later.
5. Verify that the update completes successfully.

🔧 Temporary Workarounds

Disable GEO my WP Plugin

Platform: all

Temporarily disable the vulnerable plugin until patching is possible:

wp plugin deactivate geo-my-wp

Web Application Firewall Rule

Platform: all

Block requests to vulnerable plugin endpoints:

# Add WAF rule to block /wp-content/plugins/geo-my-wp/ requests

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the WordPress server
  • Deploy file integrity monitoring to detect unauthorized file changes

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel > Plugins > GEO my WP version. If the version is below 4.5.0.2, the system is vulnerable.

Check Version:

wp plugin get geo-my-wp --field=version

Verify Fix Applied:

Confirm GEO my WP plugin version is 4.5.0.2 or higher in WordPress admin panel.
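The version check above is a string comparison that is easy to get wrong by eye (4.5.0.10 sorts before 4.5.0.2 lexically). The following added example, which is not part of the advisory or of the plugin's own tooling, compares an installed version against the fixed release 4.5.0.2 numerically; the `wp plugin get geo-my-wp --field=version` command is the one listed under "Check Version", and the helper that calls it assumes wp-cli is installed and a WordPress checkout exists at the given path.

```python
"""Compare an installed GEO my WP version against the fixed release.

Added example, not part of the advisory. The fixed version 4.5.0.2 comes
from the advisory; the wp-cli call is the one the page lists under
"Check Version". Parsing is a plain dotted-integer comparison and assumes
the plugin uses numeric version strings.
"""
import subprocess
from typing import Tuple

FIXED_VERSION = "4.5.0.2"  # first patched release per the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '4.5' or '4.5.0.2' into a comparable tuple, padded to 4 parts.

    A non-numeric suffix on a component (e.g. '4.5.0.2-beta') is dropped,
    so a pre-release compares as its base number; a component with no
    leading digits raises ValueError instead of silently passing.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            raise ValueError(f"unparseable version component: {piece!r}")
        parts.append(int(digits))
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(installed: str) -> bool:
    """True when the installed version is older than the fixed release."""
    return parse_version(installed) < parse_version(FIXED_VERSION)


def installed_version_via_wpcli(path: str = ".") -> str:
    """Read the version the way the advisory suggests. Requires wp-cli and a
    WordPress checkout at `path` (assumption); the offline demo below does
    not call this."""
    out = subprocess.run(
        ["wp", "plugin", "get", "geo-my-wp", "--field=version", f"--path={path}"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed sample values, not data from a real host.
    for v in ("4.4.9", "4.5", "4.5.0.1", "4.5.0.2", "4.5.1"):
        print(f"{v:>8}: {'VULNERABLE' if is_vulnerable(v) else 'patched'}")
```

Padding short versions with zeros means a bare "4.5" is treated as 4.5.0.0 and correctly reported as vulnerable; on a live host, replace the sample loop with `is_vulnerable(installed_version_via_wpcli("/var/www/html"))`.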

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-content/plugins/geo-my-wp/
  • PHP file inclusion attempts in web server logs
  • Unexpected file writes in plugin directories

Network Indicators:

  • HTTP requests with file inclusion parameters targeting GEO my WP endpoints
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_server_logs" AND (uri="/wp-content/plugins/geo-my-wp/*" OR uri CONTAINS "include=" OR uri CONTAINS "require=")
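The SIEM query above expresses the indicators as a search; the following added example, which is not part of the advisory, implements the same three checks (requests under the plugin path, POSTs to it, and query strings carrying `include=` or `require=`) over Apache/nginx combined-format access log lines, so it can be run against an exported log where no SIEM is available. The log lines are constructed samples, not captured traffic, and the regex assumes the standard combined format.

```python
"""Flag web-server log lines matching the advisory's GEO my WP indicators.

Added example, not part of the advisory. It applies the page's SIEM query
(requests under /wp-content/plugins/geo-my-wp/ or query strings carrying
include= / require=) to combined-format access log lines. The sample
lines below are constructed, not captured traffic.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

PLUGIN_PATH = "/wp-content/plugins/geo-my-wp/"
INCLUSION_PARAMS = {"include", "require"}

# Combined log format: ip - user [time] "METHOD target HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: Dict[str, str]) -> List[str]:
    """Return the advisory indicator names that a parsed request matches."""
    hits = []
    # Percent-decode once before splitting so an encoded parameter name
    # (e.g. %69nclude=) is normalised the way the server would see it.
    url = urlsplit(unquote(entry["target"]))
    if url.path.startswith(PLUGIN_PATH):
        hits.append("plugin-path")
        if entry["method"] == "POST":
            hits.append("plugin-post")
    params = set(parse_qs(url.query, keep_blank_values=True))
    if params & INCLUSION_PARAMS:
        hits.append("inclusion-param")
    return hits


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per line that matches at least one indicator."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if not entry:
            continue  # unparseable line; a real job would count these
        hits = classify(entry)
        if hits:
            findings.append({"ip": entry["ip"], "target": entry["target"], "hits": hits})
    return findings


# Constructed sample log (not real traffic). Only the plugin-path and
# query-parameter shapes matter; the file names are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla"',
    '203.0.113.7 - - [10/Jul/2024:10:01:05 +0000] "POST /wp-content/plugins/geo-my-wp/index.php HTTP/1.1" 200 88 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Jul/2024:10:02:11 +0000] "GET /?include=foo HTTP/1.1" 404 10 "-" "python-requests"',
    '198.51.100.9 - - [10/Jul/2024:10:02:12 +0000] "GET /wp-content/plugins/geo-my-wp/assets/app.js HTTP/1.1" 200 9000 "-" "Mozilla"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ip']:>14} {','.join(f['hits']):<28} {f['target']}")
```

Expect noise from the plugin-path rule: legitimate page loads fetch the plugin's assets (the `app.js` line above), so the useful triage signal is the combination of a POST to the plugin path or an inclusion parameter from an address that does not otherwise browse the site; pair the hits with the outbound-connection and file-write indicators listed above before escalating.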

🔗 References
