Missing Authorization Flaw in WP Meta and Date Remover by Prasad Kirpekar
CVE-2026-49051

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: WP Meta And Date Remover
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-49051?

The WP Meta and Date Remover plugin by Prasad Kirpekar is affected by a missing authorization vulnerability, which stems from incorrectly configured access control levels. This issue allows unauthorized individuals to exploit the plugin's functions, potentially exposing sensitive information or unauthorized actions. The vulnerability impacts versions from the initial release through 2.3.6, highlighting the critical need for updates to address security configurations properly.

Affected Version(s)

WP Meta and Date Remover <= 2.3.6

References

https://patchstack.com/database/wordpress/plugin/wp-meta-...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 27, 2026

Credit

Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program

CVE-2026-49051 Data

JSON