Key Information Vulnerability Name: WordPress belingoGeo Plugin <= 1.12.0 is vulnerable to Arbitrary File Download Priority: High priority CVSS Score: 7.5 Risk: This vulnerability is highly dangerous and expected to become mass exploited. Affected Versions: <= 1.12.0 Fix Status: No official fix available Report Date: 07 Apr 2025 Release Date: 11 May 2025 Solution: Automatically mitigate vulnerabilities and keep your websites safe using Patchstack's virtual patch. Vulnerability Details Type: Arbitrary File Download Description: This could allow a malicious actor to download any file from your website. This includes but is not limited to files that contain login credentials or backup files. Timeline Reported: 07 Apr 2025 by Nguyen Xuan Chien Early Warning: 09 May 2025 sent to Patchstack customers Published: 11 May 2025 by Patchstack