3 matches found
CVE-2023-5776
The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdmwpajaxdeletemeta, pmdmwpdeleteusermeta, and pmdmwpdeleteusermeta functions. This makes it possible for...
CVE-2023-5776
CVE-2023-5776 (Post Meta Data Manager, WordPress) is a CSRF vulnerability in all versions up to 1.2.1 due to missing nonce validation on meta deletion endpoints (pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, pmdm_wp_delete_user_meta). Unauthenticated attackers can forge requests to delete a...
WordPress Post Meta Data Manager Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5776 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID be22b4c7158e Credits Francesco...