CVE-2025-4103
📋 TL;DR
The WP-GeoMeta WordPress plugin versions 0.3.4 to 0.3.5 contain a privilege escalation vulnerability where authenticated users with Subscriber-level access or higher can exploit a missing capability check in the wp_ajax_wpgm_start_geojson_import() function to gain administrator privileges. This affects all WordPress sites running the vulnerable plugin versions.
💻 Affected Systems
- WP-GeoMeta WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control over the WordPress site, allowing them to install malicious plugins/themes, modify content, steal sensitive data, or establish persistent backdoors.
Likely Case
Attackers elevate privileges to administrator and compromise the site's integrity, potentially defacing pages, injecting malicious code, or accessing sensitive user data.
If Mitigated
With proper access controls and monitoring, exploitation attempts are detected and blocked before privilege escalation occurs.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has valid credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.3.6
Vendor Advisory: https://wordpress.org/plugins/wp-geometa/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP-GeoMeta and update to version 0.3.6 or later.
4. Verify that the update completed successfully.
🔧 Temporary Workarounds
Disable WP-GeoMeta Plugin
Temporarily deactivate the vulnerable plugin until patching is possible.
wp plugin deactivate wp-geometa
Restrict User Registration
Disable new user registration to prevent attackers from creating accounts to exploit this vulnerability.
🧯 If You Can't Patch
- Remove the WP-GeoMeta plugin entirely if updating is not possible.
- Implement strict access controls and monitor for unusual privilege escalation attempts.
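As an added example of the "strict access controls" bullet above, the following must-use plugin is not part of WP-GeoMeta; it is an interim mitigation that refuses the vulnerable AJAX action before the plugin's handler runs. It assumes that starting a GeoJSON import is an administrator-level operation (capability manage_options) and that the handler is only reachable through the wp_ajax_ hook named in the advisory.

```php
<?php
/**
 * Plugin Name: Block wpgm_start_geojson_import for non-admins (interim mitigation)
 *
 * Added example, not WP-GeoMeta's own code. Place this file in
 * wp-content/mu-plugins/ so it loads before regular plugins. It hooks
 * admin_init, which admin-ajax.php fires before any wp_ajax_* action, so
 * the vulnerable handler is never reached by users who lack the assumed
 * required capability.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

function wpgm_mitigation_block_import() {
    // Only admin-ajax.php requests are relevant.
    if ( ! wp_doing_ajax() ) {
        return;
    }

    // The AJAX action may arrive via GET or POST; $_REQUEST covers both.
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    if ( 'wpgm_start_geojson_import' !== $action ) {
        return;
    }

    // Assumption: the import is an administrator-level operation.
    if ( current_user_can( 'manage_options' ) ) {
        return;
    }

    // Record the blocked attempt so it shows up alongside the log indicators
    // listed in the Detection & Monitoring section.
    $user = wp_get_current_user();
    error_log( sprintf(
        'wpgm_mitigation: blocked wpgm_start_geojson_import user_id=%d login=%s ip=%s',
        $user->ID,
        $user->user_login,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    wp_send_json_error( array( 'message' => 'Insufficient privileges.' ), 403 );
}
add_action( 'admin_init', 'wpgm_mitigation_block_import', 0 );
```

This does not repair the plugin itself; remove the file once WP-GeoMeta 0.3.6 or later is installed.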
🔍 How to Verify
Check if Vulnerable:
Check the WP-GeoMeta plugin version in WordPress admin under Plugins > Installed Plugins.
Check Version:
wp plugin get wp-geometa --field=version
Verify Fix Applied:
Confirm WP-GeoMeta plugin version is 0.3.6 or higher after updating.
📡 Detection & Monitoring
Log Indicators:
- AJAX requests with action=wpgm_start_geojson_import (handled by the wp_ajax_wpgm_start_geojson_import hook) from accounts below the Administrator role
- Sudden privilege changes for user accounts in WordPress logs
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with action=wpgm_start_geojson_import from sessions that do not belong to administrator accounts
SIEM Query:
source="wordpress.log" AND ("wp_ajax_wpgm_start_geojson_import" OR "privilege escalation")