Cross-Site Request Forgery Vulnerability in WP Meta SEO Plugin by WordPress
CVE-2023-1028
4.3MEDIUM
What is CVE-2023-1028?
The WP Meta SEO plugin for WordPress has a vulnerability that allows unauthenticated attackers to update plugin options through Cross-Site Request Forgery due to inadequate nonce validation on the setIgnore function. Attackers can exploit this flaw by tricking a site administrator into triggering a malicious request, enabling them to alter plugin settings without permission. It is crucial to update to the latest version to mitigate this risk.
Affected Version(s)
WP Meta SEO * <= 4.5.3