Lucene search
K

8790 matches found

OSV
OSV
added 2023/02/28 1:15 p.m.5 views

CVE-2023-1027

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post...

4.3CVSS6.6AI score0.00486EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/28 1:15 p.m.2 views

CVE-2023-1028

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged...

4.3CVSS6.6AI score0.00316EPSS
Exploits0References4
NVD
NVD
added 2023/02/28 1:15 p.m.15 views

CVE-2023-1023

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change...

5.4CVSS5.1AI score0.00538EPSS
Exploits0References4
NVD
NVD
added 2023/02/28 1:15 p.m.21 views

CVE-2023-1027

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post...

4.3CVSS4.2AI score0.00486EPSS
Exploits0References4
OSV
OSV
added 2023/02/28 1:15 p.m.6 views

CVE-2023-1023

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change...

4.3CVSS6.6AI score0.00538EPSS
Exploits0References3
NVD
NVD
added 2023/02/28 1:15 p.m.15 views

CVE-2023-1026

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

4.3CVSS4.2AI score0.00576EPSS
Exploits0References4
OSV
OSV
added 2023/02/28 1:15 p.m.6 views

CVE-2023-1028

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged...

4.3CVSS5.7AI score
Exploits0References3
OSV
OSV
added 2023/02/28 1:15 p.m.5 views

CVE-2023-1026

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

4.3CVSS6.6AI score0.00576EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/28 1:15 p.m.2 views

CVE-2023-1026

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

4.3CVSS6.6AI score0.00576EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/02/28 1:15 p.m.1 views

CVE-2023-1022

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google...

5.4CVSS6.6AI score0.00559EPSS
Exploits0References4
Prion
Prion
added 2023/02/28 1:15 p.m.21 views

Design/Logic Flaw

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

4CVSS4.3AI score0.00576EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/02/28 1:15 p.m.21 views

Cross site request forgery (csrf)

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged...

4.3CVSS4.3AI score0.00316EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/02/28 1:15 p.m.14 views

Design/Logic Flaw

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google...

4CVSS4.3AI score0.00559EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/28 12:56 p.m.11 views

CVE-2023-1022 WP Meta SEO <= 4.5.3 - Missing Authorization in 'wpmsGGSaveInformation'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google...

5.4CVSS6.6AI score0.00559EPSS
Exploits0References3
CVE
CVE
added 2023/02/28 12:56 p.m.47 views

CVE-2023-1023

The CVE-2023-1023 entry concerns the WordPress WP Meta SEO plugin. A missing capability check in the saveSitemapSettings function allows authenticated users with subscriber-level access to update sitemap-related plugin settings, due to reliance on a nonce-based access control that is accessible t...

5.4CVSS4.6AI score0.00538EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/28 12:56 p.m.8 views

CVE-2023-1024 WP Meta SEO <= 4.5.3 - Missing Authorization in 'regenerateSitemaps'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps...

4.3CVSS6.6AI score0.00538EPSS
Exploits0References3
CVE
CVE
added 2023/02/28 12:55 p.m.54 views

CVE-2023-1026

Summary: CVE-2023-1026 affects the WP Meta SEO WordPress plugin (versions up to 4.5.3). The root cause is a missing capability check in the listPostsCategory function, causing unauthorized data access. The vulnerability arises because nonce-based access control was relied upon and the nonce was a...

4.3CVSS5.2AI score0.00576EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/02/28 12:55 p.m.23 views

CVE-2023-1026 WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

4.3CVSS4.6AI score0.00576EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/28 12:55 p.m.8 views

CVE-2023-1026 WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

4.3CVSS6.6AI score0.00576EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/28 12:54 p.m.12 views

CVE-2023-1027

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post...

4.3CVSS4.3AI score0.00486EPSS
Exploits0References3
Rows per page
Query Builder