5 matches found
CVE-2023-4823
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change...
CVE-2023-4823
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change...
CVE-2023-4823 WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change...
CVE-2023-4823
CVE-2023-4823 affects the WordPress plugin “WP Meta and Date Remover” (versions prior to 2.2.0). The vulnerability arises from an AJAX endpoint used to configure plugin settings that lacks capability checks and does not sanitize user input, with the input later output unescaped. This enables Stor...
WordPress WP Meta and Date Remover Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Meta and Date Remover Type Plugin Vulnerable versions 2.2.0 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4823 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e96e6b729f00 Credits dc11 Requir...