Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:16 a.m.7 views

CVE-2023-4823

The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change...

5.4CVSS6.3AI score0.00377EPSS
Exploits2
NVD
NVD
added 2023/10/31 2:15 p.m.21 views

CVE-2023-4823

The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change...

5.4CVSS5.4AI score0.00377EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/10/31 1:54 p.m.6 views

CVE-2023-4823 WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS

The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change...

6.6AI score0.00377EPSS
Exploits2References1
CVE
CVE
added 2023/10/31 1:54 p.m.55 views

CVE-2023-4823

CVE-2023-4823 affects the WordPress plugin “WP Meta and Date Remover” (versions prior to 2.2.0). The vulnerability arises from an AJAX endpoint used to configure plugin settings that lacks capability checks and does not sanitize user input, with the input later output unescaped. This enables Stor...

5.4CVSS5.6AI score0.00377EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/10/31 12:0 a.m.11 views

WordPress WP Meta and Date Remover Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Meta and Date Remover Type Plugin Vulnerable versions 2.2.0 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4823 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e96e6b729f00 Credits dc11 Requir...

5.4CVSS5.9AI score0.00377EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder