CVE-2023-0876
Published: 20 March 2023
Summary
CVE-2023-0876 is a medium-severity vulnerability, with no weakness class specified, in Joomunited Wp Meta Seo. Its CVSS base score is 6.1 (Medium).
Operationally, it is ranked in the top 14.9% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
The WP Meta SEO WordPress plugin before version 4.5.3 is affected by an authorization flaw in which several AJAX actions lack proper access controls. This permits low-privilege users to modify selected data and results in an arbitrary redirect vulnerability. The issue carries a CVSS 3.1 score of 6.1 with a network attack vector, low complexity, no required privileges, and required user interaction.
Low-privilege users can exploit the missing authorization over the network to perform unauthorized data updates that trigger arbitrary redirects, potentially leading to phishing or further site manipulation. The CVSS vector indicates the attack can affect the confidentiality and integrity of a reflected scope without authentication in some cases.
Public references from WPScan document the vulnerability and identify the fixed release as version 4.5.3 or later, providing the primary mitigation path of updating the plugin.
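To check an installation against the fixed release named above, the following added example (not code from WPScan, Joomunited or the plugin) reads the standard WordPress plugin header and compares the version numerically with 4.5.3. The header texts are constructed samples, and the function names are this example's own.

```python
import re

FIXED = (4, 5, 3)            # first fixed release, from the advisory text
PLUGIN_NAME = "wp meta seo"  # compared case-insensitively

# Standard WordPress plugin header fields inside the leading comment block.
_FIELD = re.compile(r"^[ \t/*#@]*(Plugin Name|Version)[ \t]*:[ \t]*(.+)$", re.I | re.M)

def parse_header(php_source):
    """Return the header fields found in the first 8 KiB, keys lowercased."""
    fields = {}
    for key, value in _FIELD.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(text):
    """'4.5.10' -> (4, 5, 10); stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)

def assess(php_source):
    """Classify one plugin main file: not-applicable, unknown-version, vulnerable, fixed."""
    fields = parse_header(php_source)
    if fields.get("plugin name", "").lower() != PLUGIN_NAME:
        return "not-applicable"
    version = version_tuple(fields.get("version", ""))
    if not version:
        return "unknown-version"
    # Pad short versions ("4.5" -> 4.5.0) so tuple comparison is component-wise.
    version += (0,) * (len(FIXED) - len(version))
    return "vulnerable" if version < FIXED else "fixed"

# Constructed sample headers, not copied from any real installation.
def _header(name, version):
    return f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n"

SAMPLES = {
    "4.5.2": _header("WP Meta SEO", "4.5.2"),
    "4.5.3": _header("WP Meta SEO", "4.5.3"),
    "4.5.10": _header("WP Meta SEO", "4.5.10"),  # string comparison would misorder this
    "other": _header("Example Plugin", "1.0"),
}

if __name__ == "__main__":
    for label, source in SAMPLES.items():
        print(label, assess(source))
```

To audit a real site, pass `assess` the text of each plugin's main PHP file; a result of `vulnerable` means the plugin should be updated to 4.5.3 or later.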
EPSS for the CVE rose materially from a low baseline to a peak of 0.1661 on 2026-03-07 before receding to the current value of 0.0230, indicating that exploitation interest emerged after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12867
Vulnerability details
The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.