CVE-2023-6962 — Exposure of Sensitive Information Through Metadata in WP Meta SEO

CWE-1230 — Exposure of Sensitive Information Through Metadata CWE-922 — Insecure Storage of Sensitive Information3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 39.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Joomunited WP Meta SEO

Timeline

PublishedMay 2

Description

The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDjoomunited/wp_meta_seo< 4.5.13

▶CVEListV5joomunited/wp_meta_seo4.5.12

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-qrcv-jf73-5vrq: The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4↗2024-05-02

▶

CVEList

WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description↗2024-05-02

▶