Joomunited

Wp Meta Seo

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2026-9643

  • EPSS 0.24%
  • Veröffentlicht 24.06.2026 05:33:29
  • Zuletzt bearbeitet 25.06.2026 13:26:11

The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and including, 4.5.18. When the plugin's `wpmsTemplateRedirect()` hook detects a 404, it conc...

6.4

CVE-2026-11370

  • EPSS 0.24%
  • Veröffentlicht 24.06.2026 05:33:23
  • Zuletzt bearbeitet 25.06.2026 13:26:11

The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, ...

5.4

CVE-2024-45456

  • EPSS 0.25%
  • Veröffentlicht 15.09.2024 08:15:13
  • Zuletzt bearbeitet 23.04.2026 15:19:06

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO wp-meta-seo allows Stored XSS.This issue affects WP Meta SEO: from n/a through <= 4.5.13.

4.8

CVE-2024-45455

  • EPSS 0.25%
  • Veröffentlicht 15.09.2024 08:15:13
  • Zuletzt bearbeitet 23.04.2026 15:19:05

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO wp-meta-seo allows Stored XSS.This issue affects WP Meta SEO: from n/a through <= 4.5.13.

5.3

CVE-2023-6962

  • EPSS 0.44%
  • Veröffentlicht 02.05.2024 17:15:08
  • Zuletzt bearbeitet 08.04.2026 17:17:17

The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive informa...

6.1

CVE-2023-6961

  • EPSS 0.45%
  • Veröffentlicht 02.05.2024 17:15:08
  • Zuletzt bearbeitet 08.04.2026 19:19:02

The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthentic...

8.8

CVE-2023-1381

Exploit
  • EPSS 1.69%
  • Veröffentlicht 10.04.2023 15:15:07
  • Zuletzt bearbeitet 11.02.2025 18:15:21

The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in ce...

8.8

CVE-2023-0875

Exploit
  • EPSS 0.91%
  • Veröffentlicht 20.03.2023 16:15:12
  • Zuletzt bearbeitet 26.02.2025 19:15:15

The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.

6.1

CVE-2023-0876

Exploit
  • EPSS 0.71%
  • Veröffentlicht 20.03.2023 16:15:12
  • Zuletzt bearbeitet 26.02.2025 19:15:15

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability.

4.3

CVE-2023-1028

  • EPSS 0.32%
  • Veröffentlicht 28.02.2023 13:15:10
  • Zuletzt bearbeitet 08.04.2026 18:17:52

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attac...