3 matches found
CVE-2026-11370
The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...
CVE-2026-11370 WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter
The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...
PT-2026-51669
Name of the Vulnerable Software and Affected Versions WP Meta SEO versions prior to 4.5.19 Description The plugin is susceptible to Server-Side Request Forgery SSRF, a flaw that allows an attacker to induce the server-side application to make requests to an unintended location. Authenticated user...