The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-04-10T14:14:39.985Z

Updated: 2024-08-02T05:49:10.358Z

Reserved: 2023-03-13T19:25:08.399Z

Link: CVE-2023-1381

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-10T15:15:07.237

Modified: 2024-11-21T07:39:04.410

Link: CVE-2023-1381

cve-icon Redhat

No data.