Geo Controller

Vulnerabilities 12Slug cf-geopluginLatest version 8.9.6WordPress.org →

Minimum safe version

8.7.4

Update to 8.7.4 or later to address 11 fixable vulnerabilities

Latest available8.9.6 ✓⚠ 1 vulnerability has no fix

Medium 5.3 Unfixed

2025-12-09≤ 8.9.4

CVE-2025-62109

CVE Wordfence

Medium 5.3

2024-09-05< 8.7.0

CVE-2024-7381

CVE Wordfence

Medium 4.3

2024-09-05< 8.7.4

CVE-2024-7380

CVE Patchstack Wordfence

Medium 6.5

2024-05-01< 8.6.5

CVE-2024-3591

CVE

Medium 6.5

2024-03-29< 8.6.5

CVE-2024-30451

CVE Wordfence Patchstack WPScan

Critical 9.0

2024-03-28< 8.6.5

CVE-2024-30227

CVE Patchstack

N/A

2024-02-10< 8.6.5

Geo Controller <= 8.6.4 - Unauthenticated PHP Object Injection via shortcode REST API Route

Wordfence

Medium 6.5

2026-01-05< 8.5.3

CVE-2023-51513

CVE EUVD Patchstack WPScan

N/A

2023-10-04< 8.5.3

WordPress Geo Controller Plugin < 8.5.3 is vulnerable to Cross Site Scripting (XSS)

Patchstack

N/A

2023-10-04< 8.5.3

Geo Controller <= 8.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence

N/A

2021-08-31< 7.13.12

WordPress Geolocation Plugin – CF Geo Plugin <= 7.13.11 - Reflected Cross-Site Scripting

Wordfence

N/A

< 7.13.12

CF Geo Plugin < 7.13.12 - Reflected Cross-Site Scripting

WPScan