CVE-2023-1029Cross-Site Request Forgery in WP Meta SEO

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 74.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Joomunited WP Meta SEO
Timeline
PublishedFeb 24

Description

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5joomunited/wp_meta_seo4.5.3

🔴Vulnerability Details

2
GHSA
GHSA-jc77-pmhr-6hcm: The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 42023-02-24
CVEList
WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps'2023-02-24
CVE-2023-1029 — Cross-Site Request Forgery | cvebase