Unauthorized Options Update in WP Meta SEO Plugin for Wordpress
CVE-2023-1022
4.3MEDIUM
What is CVE-2023-1022?
The WP Meta SEO plugin for WordPress has a vulnerability allowing authenticated attackers at the subscriber level to modify Google Analytics options. This arises from a missing capability check in the wpmsGGSaveInformation function, which improperly uses nonce checks as an access control measure, placing it within reach of all authenticated users, irrespective of their role.
Affected Version(s)
WP Meta SEO * <= 4.5.3