October 30, 2023
Severity
High
Analysis Summary
CVE-2023-5425 CVSS:8.8
Post Meta Data Manager plugin for WordPress could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-5426 CVSS:7.5
Post Meta Data Manager plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions. By sending a specially crafted request, an attacker could exploit this vulnerability to delete user, term, and post meta belonging to arbitrary users.
Impact
- Privilege Escalation
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-5425
- CVE-2023-5426
Affected Vendors
WordPress
Affected Products
- Post Meta Data Manager plugin for WordPress 1.2.0
Remediation
Upgrade to the latest version of Post Meta Data Manager plugin for WordPress, available from the WordPress Plugin Directory Web site.