Unauthorized Data Access in WP Meta SEO Plugin by WordPress
CVE-2023-1026
4.3MEDIUM
What is CVE-2023-1026?
The WP Meta SEO plugin for WordPress has a vulnerability that allows authenticated attackers, even those with only subscriber-level access, to gain unauthorized access to post listings by category. This issue arises from a missing capability check in the listPostsCategory function, which enables access to published posts without proper permissions. The reliance on nonce checks for access control is insufficient, as these nonces are accessible to all authenticated users, regardless of their assigned role.
Affected Version(s)
WP Meta SEO * <= 4.5.3