How severe is CVE-2023-1027?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2023-1027?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2023-1027 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.

Related Vulnerabilities

CVE-2017-1000243

MEDIUM

CVSS:4.3(Medium)

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

CWE-8622017

CVE-2017-1000388

MEDIUM

CVSS:4.3(Medium)

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modif...

CWE-8622017

CVE-2017-1000390

MEDIUM

CVSS:4.3(Medium)

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.

CWE-8622017

CVE-2017-1000400

MEDIUM

CVSS:4.3(Medium)

The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current ...

CWE-8622017

CVE-2017-17693

MEDIUM

CVSS:4.3(Medium)

Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.

CWE-8622017

CVE-2017-2662

MEDIUM

CVSS:4.3(Medium)

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respec...

CWE-8622017