VYPR

Post Meta Data Manager

by WordPress

CVEs (3)

  • CVE-2023-5425HigOct 28, 2023
    risk 0.50cvss 8.8epss 0.01

    The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for…

  • CVE-2023-5426HigOct 28, 2023
    risk 0.42cvss 7.5epss 0.00

    The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This…

  • CVE-2023-5776MedNov 21, 2023
    risk 0.28cvss 4.3epss 0.00

    The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions.…