Unauthorized Data Access in WP Meta SEO Plugin by WordPress
CVE-2023-1026

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Meta SEO
Vendor: CVE Published:; 28 February 2023

Summary

The WP Meta SEO plugin for WordPress has a vulnerability that allows authenticated attackers, even those with only subscriber-level access, to gain unauthorized access to post listings by category. This issue arises from a missing capability check in the listPostsCategory function, which enables access to published posts without proper permissions. The reliance on nonce checks for access control is insufficient, as these nonces are accessible to all authenticated users, regardless of their assigned role.

Affected Version(s)

WP Meta SEO * <= 4.5.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/2870465/wp-m...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2023
Vulnerability Reserved
Feb 24, 2023

Credit

Marco Wotschka