CVE-2023-1022 - OpenCVE

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joomunited	Wp Meta Seo

Configuration 1 [-]

cpe:2.3:a:joomunited:wp_meta_seo:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/changeset/2870465/wp-meta-seo/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/702f9d3b-5d33-4215-ac76-9aae3162d775

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-02-28T12:56:45.634Z

Updated: 2024-08-02T05:32:46.163Z

Reserved: 2023-02-24T18:36:21.509Z

Link: CVE-2023-1022

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-28T13:15:09.927

Modified: 2023-11-07T04:02:15.047

Link: CVE-2023-1022

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1022", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-02-24T18:36:21.509Z", "datePublished": "2023-02-28T12:56:45.634Z", "dateUpdated": "2024-08-02T05:32:46.163Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-02-28T12:56:45.634Z"}, "affected": [{"vendor": "joomunited", "product": "WP Meta SEO", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "4.5.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/702f9d3b-5d33-4215-ac76-9aae3162d775"}, {"url": "https://plugins.trac.wordpress.org/changeset/2870465/wp-meta-seo/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}], "timeline": [{"time": "2023-02-23T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-02-23T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2023-02-24T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:32:46.163Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/702f9d3b-5d33-4215-ac76-9aae3162d775", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2870465/wp-meta-seo/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomunited:wp_meta_seo:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4E214F57-89F8-4B8B-AF7A-7104AF2A1794", "versionEndIncluding": "4.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role."}], "id": "CVE-2023-1022", "lastModified": "2023-11-07T04:02:15.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-02-28T13:15:09.927", "references": [{"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2870465/wp-meta-seo/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/702f9d3b-5d33-4215-ac76-9aae3162d775"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified"}