7.5
CVE-2023-5426
- EPSS 0.47%
- Veröffentlicht 28.10.2023 12:15:38
- Zuletzt bearbeitet 08.04.2026 19:18:47
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPost Meta Data Manager <=1.2.0 - Missing Authorization to User, Term, and Post Meta Deletion
Post Meta Data Manager <=1.2.0 - Missing Authorization to User, Term, and Post Meta Deletion
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users.
Mögliche Gegenmaßnahme
Post Meta Data Manager: Update to version 1.2.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpexpertplugins ≫ Post Meta Data Manager SwPlatformwordpress Version < 1.2.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Post Meta Data Manager
Version
*-1.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.368 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://plugins.trac.wordpress.org/changeset/2981559/post-meta-data-manager
https://www.wordfence.com/threat-intel/vulnerabilities/id/d6a7f882-4582-4b08-9597-329d140ad782?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/d6a7f882-4582-4b08-9597-329d140ad782