7.5
CVE-2023-5426
- EPSS 0.15%
- Veröffentlicht 28.10.2023 12:15:38
- Zuletzt bearbeitet 21.11.2024 08:41:44
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPost Meta Data Manager <=1.2.0 - Missing Authorization to User, Term, and Post Meta Deletion
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users.
Mögliche Gegenmaßnahme
Post Meta Data Manager: Update to version 1.2.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Post Meta Data Manager
Version
* - 1.2.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpexpertplugins ≫ Post Meta Data Manager SwPlatformwordpress Version < 1.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.367 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|