← Zuruck zu CVEs
CVE-2023-4823
MEDIUM5.4
Beschreibung
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site Scripting.
CVE Details
CVSS v3.1 Bewertung5.4
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht10/31/2023
Zuletzt geandert4/23/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
prasadkirpekar:wp_meta_and_date_remover
Schwachen (CWE)
CWE-79
Referenzen
https://wpscan.com/vulnerability/84f53e27-d8d2-4fa3-91f9-447037508d30(contact@wpscan.com)
https://wpscan.com/vulnerability/84f53e27-d8d2-4fa3-91f9-447037508d30(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.