Post Meta Data Manager < 1.2.1 – Unauthenticated Data Deletion | CVE 2023-5426

Affects Plugins

post-meta-data-manager

Fixed in 1.2.1

References

CVE

CVE-2023-5426

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/d6a7f882-4582-4b08-9597-329d140ad782

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

7.5 (high)

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

e5233164-a197-4413-a9b0-f43c9d9a1506

Timeline

Publicly Published

2023-10-27 (about 2 years ago)

Added

2023-11-03 (about 2 years ago)

Last Updated

2023-11-03 (about 2 years ago)

Other

Published

Title

Published

2025-10-31

Title

Qi Blocks < 1.4.4 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update

Published

2023-01-19

Title

GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update

Published

2023-09-05

Title

Starter Templates <= 3.2.5 - Incorrect Authorization

Published

2025-11-13

Title

Theater for WordPress < 0.19 - Missing Authorization

Published

2025-04-01

Title

Job Board Manager <= 2.1.60 - Missing Authorization