Lucene search
WPScanCVE-2023-0876HistoryMar 20, 2023 - 4:15 p.m.
CVE-2023-0876
2023-03-2016:15:12
WPScan
web.nvd.nist.gov
36
cve-2023-0876
wp meta seo
wordpress plugin
ajax actions
arbitrary redirect vulnerability
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
39.7%
The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability.
Affected configurations
Node
joomunitedwp_meta_seoRange<4.5.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| joomunited | wp_meta_seo | * | cpe:2.3:a:joomunited:wp_meta_seo:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP Meta SEO",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "4.5.3"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
openvas
openvas
WordPress WP Meta SEO Plugin < 4.5.3 Open Redirect Vulnerability
2023-05-11 00:00:00
nvd
nvd
CVE-2023-0876
2023-03-20 16:15:12
wpvulndb
wpvulndb
prion
prion
Spoofing
2023-03-20 16:15:00
cvelist
cvelist
wpexploit
wpexploit
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
39.7%
Related for CVE-2023-0876