Medium severity5.4NVD Advisory· Published Oct 31, 2023· Updated Jun 17, 2026
CVE-2023-4823
CVE-2023-4823
Description
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site Scripting.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <2.2.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/84f53e27-d8d2-4fa3-91f9-447037508d30nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.