4 matches found
CVE-2023-1381 WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization
The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code...
CVE-2023-1381 WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization
The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code...
CVE-2023-1381
CVE-2023-1381 affects the WP Meta SEO WordPress plugin and is due to a deserialization flaw in PHAR handling when image file paths are not validated. The issue, observed in versions before 4.5.5, includes a gadget chain that may be leveraged in certain configurations to achieve remote code execut...
WordPress WP Meta SEO Plugin < 4.5.5 is vulnerable to Deserialization of untrusted data
Software WP Meta SEO Type Plugin Vulnerable versions 4.5.5 Fixed in 4.5.5 OWASP Top 10 A1: Injection Classification Deserialization of untrusted data CVE CVE-2023-1381 Patch priority Medium CVSS severity Medium 6.6 Developer Claim ownership PSID 9880ffba76ab Credits Alex Sanford Required privileg...