CVE-2023-6962
WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts.
El complemento WP Meta SEO para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 4.5.12 incluida a través de la meta descripción. Esto hace posible que atacantes no autenticados revelen información potencialmente confidencial a través de la meta descripción de publicaciones protegidas con contraseña.
*Credits:
Krzysztof Zając
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-12-19 CVE Reserved
- 2024-04-16 CVE Published
- 2024-05-03 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1230: Exposure of Sensitive Information Through Metadata
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Joomunited Search vendor "Joomunited" | WP Meta SEO Search vendor "Joomunited" for product "WP Meta SEO" | <= 4.5.12 Search vendor "Joomunited" for product "WP Meta SEO" and version " <= 4.5.12" | en |
Affected
| ||||||