Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-0876

CWE-601Open Redirect5 documents5 sources
Severity
6.1MEDIUM
EPSS
2.3%
top 15.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Unknown WP Meta SEOJoomunited WP Meta SEO
Timeline
PublishedMar 20

Description

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/wp_meta_seo< 4.5.3

🔴Vulnerability Details

3
GHSA
GHSA-hjvp-3h96-35mg: The WP Meta SEO WordPress plugin before 42023-03-20
CVEList
WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect2023-03-20
VulnCheck
WP Meta SEO WordPress plugin AJAX actions Vulnerability2023

💥Exploits & PoCs

1
Nuclei
WordPress Meta SEO <= 4.5.2 - Open Redirect
CVE-2023-0876 (MEDIUM CVSS 6.1) | The WP Meta SEO WordPress plugin be | cvebase.io