CVE-2023-1027
published 2023-02-28CVE-2023-1027: The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap…
PriorityP420medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.49%
38.2th percentile
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomunited | wp_meta_seo | <= 4.5.3 | — |
| linux | linux_kernel | >= 5.11.0 < 5.15.111 | 5.15.111 |
| linux | linux_kernel | >= 5.16.0 < 6.1.28 | 6.1.28 |
| linux | linux_kernel | >= 5.2.0 < 5.4.243 | 5.4.243 |
| linux | linux_kernel | >= 5.5.0 < 5.10.180 | 5.10.180 |
| linux | linux_kernel | >= 6.2.0 < 6.2.15 | 6.2.15 |
| linux | linux_kernel | >= 6.3.0 < 6.3.2 | 6.3.2 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vendor_redhat5.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
kheaders: Use array declaration instead of char
osv·2025-12-24
CVE-2023-54056 kheaders: Use array declaration instead of char
kheaders: Use array declaration instead of char
In the Linux kernel, the following vulnerability has been resolved:
kheaders: Use array declaration instead of char
Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination
and source buffers. Defining kernel_headers_data as "char" would trip
this check. Since these addresses are treated as byte arrays, define
them as arrays (as done everywhere else).
This was seen with:
$ cat /sys/kernel/kheaders.tar.xz >> /dev/null
detected buffer overflow in memcpy
kernel BUG at lib/string_helpers.c:1027!
...
RIP: 0010:fortify_panic+0xf/0x20
[...]
Call Trace:
ikheaders_read+0x45/0x50 [kheaders]
kernfs_fop_read_iter+0x1a4/0x2f0
...
GHSA
GHSA-6qcj-7675-pvc9: The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitem
ghsa_unreviewed·2023-02-28
CVE-2023-1027 [MEDIUM] CWE-862 GHSA-6qcj-7675-pvc9: The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitem
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
Red Hat
kernel: kheaders: Use array declaration instead of char
vendor_redhat·2025-12-24·CVSS 5.5
CVE-2023-54056 [LOW] CWE-843 kernel: kheaders: Use array declaration instead of char
kernel: kheaders: Use array declaration instead of char
In the Linux kernel, the following vulnerability has been resolved:
kheaders: Use array declaration instead of char
Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination
and source buffers. Defining kernel_headers_data as "char" would trip
this check. Since these addresses are treated as byte arrays, define
them as arrays (as done everywhere else).
This was seen with:
$ cat /sys/kernel/kheaders.tar.xz >> /dev/null
detected buffer overflow in memcpy
kernel BUG at lib/string_helpers.c:1027!
...
RIP: 0010:fortify_panic+0xf/0x20
[...]
Call Trace:
ikheaders_read+0x45/0x50 [kheaders]
kernfs_fop_read_iter+0x1a4/0x2f0
...
A false positive buffer overflow detection was found in the Linux kernel's kheaders module. When CON
No detection rules found.
No public exploits indexed.
https://plugins.trac.wordpress.org/changeset/2870465/wp-meta-seo/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/4f589e21-7417-4b43-b580-4f1d3c2041f4?source=cvehttps://plugins.trac.wordpress.org/changeset/2870465/wp-meta-seo/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/4f589e21-7417-4b43-b580-4f1d3c2041f4
2023-02-28
Published