SB2023103036 - Multiple vulnerabilities in Post Meta Data Manager plugin for WordPress

Description

This security bulletin contains information about 2 vulnerabilities.

1) Improper Authorization (CVE-ID: CVE-2023-5425)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to a missing capability check on the "pmdm_wp_change_user_meta" and "pmdm_wp_change_post_meta" functions. A remote user can gain elevated privileges.

2) Improper Authorization (CVE-ID: CVE-2023-5426)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to a missing capability check on the "pmdm_wp_delete_user_meta", "pmdm_wp_delete_term_meta" and "pmdm_wp_ajax_delete_meta" functions. A remote attacker can delete user, term and post meta belonging to arbitrary users.

Remediation

Install update from vendor's website.

References

• https://plugins.trac.wordpress.org/changeset/2981559/post-meta-data-manager
• https://www.wordfence.com/threat-intel/vulnerabilities/id/d7f4e710-99a2-49df-a513-725e1daaa18a?source=cve
• https://www.wordfence.com/threat-intel/vulnerabilities/id/d6a7f882-4582-4b08-9597-329d140ad782?source=cve