Post Meta Data Manager@* Security Vulnerabilities and Issues — Post Meta Data Manager@* CVE List

Lucene search

WpexpertpluginsPost Meta Data Manager*

4 matches found

CVE•added 2023/11/21 9:15 a.m.•74 views

CVE-2023-5776

The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This makes it possible ...

8.8CVSS8.3AI score0.00111EPSS

CVE•added 2023/10/28 12:15 p.m.•69 views

CVE-2023-5425

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, wi...

8.8CVSS8.4AI score0.00175EPSS

CVE•added 2023/10/28 12:15 p.m.•45 views

CVE-2023-5426

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for ...

7.5CVSS7.5AI score0.00154EPSS

CVE•added 2024/07/02 11:15 a.m.•37 views

CVE-2024-6264

The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS5.6AI score0.00172EPSS