CVE-2023-1024 — Missing Authorization in WP Meta SEO
CWE-862 — Missing AuthorizationCWE-400 — Uncontrolled Resource ConsumptionCWE-918 — Server-Side Request ForgeryCWE-805 — Buffer Access with Incorrect Length ValueCWE-20 — Improper Input ValidationCWE-606 — Unchecked Input for Loop ConditionCWE-410 — Insufficient Resource PoolCWE-401 — Missing Release of Memory after Effective LifetimeCWE-771 — Missing Reference to Active Allocated ResourceCWE-763 — Release of Invalid Pointer or ReferenceCWE-122 — Heap-based Buffer OverflowCWE-772 — Missing Release of Resource after Effective Lifetime21 documents10 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 60.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 28
Latest updateDec 30
Description
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages2 packages
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-rqjh-2xp3-wp52: The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps func↗2023-02-28
💥Exploits & PoCs
1Nuclei▶
glibc's syslog - Local Privilege Escalation