WordPress Plugin Vulnerabilities

WP Meta and Date Remover < 2.3.7 - Missing Authorization

Description

The WP Meta and Date Remover plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Trương Hữu Phúc (truonghuuphuc)
Verified
No

Timeline

Publicly Published
2026-05-27 (about 1 month ago)
Added
2026-06-01 (about 1 month ago)
Last Updated
2026-06-01 (about 1 month ago)

Other