WordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-23712

8.8HIGH

Key Information:

Vendor: WordPress
Status: User Meta Manager
Vendor: CVE Published:; 22 May 2023

What is CVE-2023-23712?

This vulnerability in the User Meta Manager plugin for WordPress allows attackers to exploit cross-site request forgery (CSRF) weaknesses, potentially leading to unauthorized actions being performed on behalf of authenticated users. Users of the affected versions should ensure that they apply necessary security measures to protect their websites from possible exploitation.

Affected Version(s)

User Meta Manager <= 3.4.9

References

https://patchstack.com/database/vulnerability/user-meta-m...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2023
Vulnerability Reserved
Jan 17, 2023

Credit

thiennv (Patchstack Alliance)