CVE-2023-4823

🗓️ 31 Oct 2023 13:54:42Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 49 Views🌐 WEB

WP Meta and Date Remover plugin 2.2.0 AJAX endpoint vulnerabilit

Reporter	Title	Published	Views	Family All 15
CNNVD	WordPress Plugin WP Meta and Date Remover Cross-Site Scripting Vulnerability	31 Oct 202300:00	–	cnnvd
Cvelist	CVE-2023-4823 WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS	31 Oct 202313:54	–	cvelist
EUVD	EUVD-2023-54665	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 39 Update: vim-9.0.2120-1.fc39	24 Nov 202301:37	–	fedora
Fedora	[SECURITY] Fedora 37 Update: vim-9.0.2120-1.fc37	26 Nov 202303:08	–	fedora
Fedora	[SECURITY] Fedora 38 Update: vim-9.0.2120-1.fc38	26 Nov 202303:05	–	fedora
NVD	CVE-2023-4823	31 Oct 202314:15	–	nvd
Patchstack	WordPress WP Meta and Date Remover Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)	31 Oct 202300:00	–	patchstack
Prion	Cross site scripting	31 Oct 202314:15	–	prion
Positive Technologies	PT-2023-30746 · WordPress · Wp Meta/Date Remover	31 Oct 202300:00	–	ptsecurity

NVD

Vulners

Node

prasadkirpekar wp_meta_and_date_removerRange<2.2.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "WP Meta and Date Remover",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.2.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/84f53e27-d8d2-4fa3-91f9-447037508d30

Parameter	Position	Path	Description	CWE
settings[cssCode]	query param	/wp-admin/admin-ajax.php?action=update_settings&settings[removeByCSS]=true&settings[removeFromHome]=true&settings[cssCode]=</style><img src%3D1 onerror%3Dalert(document.domain)>	Stored XSS via unauthenticated/authenticated actions endpoint that outputs unsanitized input	CWE-79

23 Apr 2025 17:16Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.4

EPSS0.00216

SSVC

CWE-79