Unauthorized Sitemap Generation in WP Meta SEO Plugin for WordPress
CVE-2023-1027

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Meta SEO
Vendor: CVE Published:; 28 February 2023

What is CVE-2023-1027?

The WP Meta SEO plugin for WordPress has a vulnerability that allows authenticated users with subscriber-level access to generate unauthorized sitemaps. This flaw arises from a missing capability check in the checkAllCategoryInSitemap function, which fails to properly restrict access. The plugin's reliance on nonce checks for access control is inadequate, as the nonce is exposed to all authenticated users, regardless of their assigned role. As a result, potential attackers can exploit this weakness to access sensitive post categories.

Affected Version(s)

WP Meta SEO * <= 4.5.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/2870465/wp-m...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2023
Vulnerability Reserved
Feb 24, 2023

Credit

Marco Wotschka