The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-10-28T11:06:04.112Z

Updated: 2024-08-02T07:59:44.538Z

Reserved: 2023-10-05T18:13:18.590Z

Link: CVE-2023-5425

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-10-28T12:15:37.717

Modified: 2024-11-21T08:41:44.800

Link: CVE-2023-5425

cve-icon Redhat

No data.