Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2023/04/10 2:14 p.m.36 views

CVE-2023-1381 WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization

The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code...

9.2AI score0.01689EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/04/10 2:14 p.m.10 views

CVE-2023-1381 WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization

The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code...

9AI score0.01689EPSS
Exploits2References2
CVE
CVE
added 2023/04/10 2:14 p.m.75 views

CVE-2023-1381

CVE-2023-1381 affects the WP Meta SEO WordPress plugin and is due to a deserialization flaw in PHAR handling when image file paths are not validated. The issue, observed in versions before 4.5.5, includes a gadget chain that may be leveraged in certain configurations to achieve remote code execut...

8.8CVSS9AI score0.01689EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2023/03/30 12:0 a.m.19 views

WordPress WP Meta SEO Plugin < 4.5.5 is vulnerable to Deserialization of untrusted data

Software WP Meta SEO Type Plugin Vulnerable versions 4.5.5 Fixed in 4.5.5 OWASP Top 10 A1: Injection Classification Deserialization of untrusted data CVE CVE-2023-1381 Patch priority Medium CVSS severity Medium 6.6 Developer Claim ownership PSID 9880ffba76ab Credits Alex Sanford Required privileg...

8.8CVSS6.8AI score0.01689EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder