CVE-2023-5776

The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdmwpajaxdeletemeta, pmdmwpdeleteusermeta, and pmdmwpdeleteusermeta functions. This makes it possible for...

CVE-2022-2227

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions...

CVE-2021-4389

The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the savemetadata function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a...

CVE-2020-36746

The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswpsavemeta function. This makes it possible for unauthenticated attackers to save meta data via a forged reque...

CVE-2019-14948

The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure...

CVE-2025-43002

CVE-2025-43002 affects SAP S4CORE via the OData meta-data property. The root cause is a missing authorization check, allowing an authenticated attacker to access restricted information. Impact is described as low confidentiality impact with no reported effects on integrity or availability; CVSS 3...

CVE-2025-32024 bep/imagemeta allows excessively large EXIF data structures

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...

CVE-2025-31333 Odata meta-data tampering in SAP S4CORE entity

SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted...

CVE-2024-13835

The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it...

CVE-2024-13835 Post Meta Data Manager <= 1.4.4 - Authentciated (Admin+) Multisite Privilege Escalation

The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.4. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it...

CVE-2024-13835 Post Meta Data Manager <= 1.4.4 - Authentciated (Admin+) Multisite Privilege Escalation

The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.4. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it...

CVE-2024-13835

CVE-2024-13835 affects the WordPress plugin Post Meta Data Manager (

WordPress plugin Post Meta Data Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-21777

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array The meta data for a mapped ring buffer contains an array of indexes of all the subbuffers. The first entry is the reader page, and the rest of the entries lay out the...

CVE-2025-23189

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...

CVE-2025-23189

CVE-2025-23189 affects SAP NetWeaver and ABAP Platform (SDCCN) due to a missing authorization check in an RFC-enabled function module. An authenticated attacker could generate technical meta-data, with the documented impact limited to integrity (low), and no impact on confidentiality or availabil...

CVE-2025-23187 Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...

PT-2025-6122 · Sap · Sap Netweaver +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver and ABAP Platform versions prior to the fixed version Description: The issue is caused by a missing authorization check in an RFC enabled function module in the transaction SDCCN. This allows an unauthenticated attacker to...

CVE-2024-29763

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3...

CVE-2024-50450

Improper Control of Generation of Code 'Code Injection' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Code Injection.This issue affects MDTF: from n/a through = 1.3.3.4...