5 matches found
CVE-2023-5776
CVE-2023-5776 (Post Meta Data Manager, WordPress) is a CSRF vulnerability in all versions up to 1.2.1 due to missing nonce validation on meta deletion endpoints (pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, pmdm_wp_delete_user_meta). Unauthenticated attackers can forge requests to delete a...
CVE-2023-5425
CVE-2023-5425 concerns the WordPress plugin Post Meta Data Manager (versions up to 1.2.0). The vulnerability is a missing capability check in functions pmdm_wp_change_user_meta and pmdm_wp_change_post_meta, enabling authenticated users with at least subscriber privileges to escalate to administr...
CVE-2023-5426
CVE-2023-5426 affects the WordPress plugin Post Meta Data Manager (versions ≤ 1.2.0). A missing capability check in functions pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta allows unauthenticated attackers to delete user, term, and post meta belonging to arbitrar...
CVE-2024-13835
CVE-2024-13835 affects the WordPress plugin Post Meta Data Manager (
CVE-2024-6264
CVE-2024-6264 in the WordPress plugin Post Meta Data Manager allows Stored Cross-Site Scripting via the '$meta_key' parameter in versions up to 1.2.3. Exploitation requires Contributor+ auth and occurs on pages with injected scripts; the attacker can cause script execution when users visit those ...