CVE-2023-4823
MEDIUM 5.4
Description
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is later output unescaped. This allows any authenticated user, such as a subscriber, to change the settings and perform Stored Cross-Site Scripting.
CVE details
CVSS v3.1 score: 5.4
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 10/31/2023
Last modified: 4/23/2025
Source: nvd
Honeypot sightings: 0
Affected products
prasadkirpekar:wp_meta_and_date_remover
Weaknesses (CWE)
CWE-79
References
https://wpscan.com/vulnerability/84f53e27-d8d2-4fa3-91f9-447037508d30 (contact@wpscan.com)
https://wpscan.com/vulnerability/84f53e27-d8d2-4fa3-91f9-447037508d30 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.