Cyber Resilience

CVE-2023-0876

Medium · Public PoC

Published: 20 March 2023

Modified: 26 February 2025
KEV Added
Patch
CVSS Score v3.1: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS Score: 0.0230 (85.1th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-0876 is a medium-severity vulnerability, with no weakness type specified, in Joomunited WP Meta SEO. Its CVSS base score is 6.1 (Medium).

Operationally, it ranks in the top 14.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The WP Meta SEO WordPress plugin before version 4.5.3 is affected by an authorization flaw in which several AJAX actions lack proper access controls. This permits low-privilege users to modify selected data and results in an arbitrary redirect vulnerability. The issue carries a CVSS 3.1 score of 6.1 with a network attack vector, low complexity, no required privileges, and required user interaction.

Low-privilege users can exploit the missing authorization over the network to perform unauthorized data updates that trigger arbitrary redirects, potentially leading to phishing or further site manipulation. The CVSS vector indicates a changed scope with low impact on confidentiality and integrity and, because no privileges are required, the attack may work without authentication in some cases.

Public references from WPScan document the vulnerability and identify the fixed release as version 4.5.3 or later, providing the primary mitigation path of updating the plugin.

EPSS for the CVE rose materially from a low baseline to a peak of 0.1661 on 2026-03-07 before receding to the current value of 0.0230, indicating that exploitation interest emerged after disclosure.

Vulnerability details

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: joomunited
Product: wp meta seo
Version: ≤ 4.5.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.