cleantalk
Vulnerabilities and Security Researches

WP Meta SEO, 4ac0913c16af784e4888952b6ae7c197711460e4

CVE, Research URL

4ac0913c16af784e4888952b6ae7c197711460e4

Home page URL

Security reports for WP Meta SEO

Application

WP Meta SEO

Published on
Feb 24, 2023
Research Description
WP Meta SEO [wp-meta-seo] < 4.5.3 WP Meta SEO <= 4.5.2 - Missing Authorization in 'startProcess' to Arbitrary Redirect via 'update_link_redirect' task The WP Meta SEO plugin for WordPress is vulnerable to unauthorized execution of tasks due to a missing capability check on the startProcess function in versions up to, and including, 4.5.2. This makes it possible for authenticated attackers with subscriber-level access to perform tasks reserved for administrators such as post modifications. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. Attackers could leverage this to redirect victims to an arbitrary location by setting the link_redirect location through the update_link_redirect task.
Affected versions
max 4.5.3.
Status
vulnerable
Previous vulnerability researches
WP Meta SEO (CVE-2024-45456) , Sep 15, 2024
WP Meta SEO (CVE-2024-45455) , Sep 15, 2024
WP Meta SEO (CVE-2026-11370) , Jun 25, 2026
WP Meta SEO (CVE-2026-9643) , Jun 25, 2026
WP Meta SEO (254b20c7ff2f16f464a547cdbf84ab314a3580be) , Jun 16, 2026
New vulnerability
Post Duplicator (CVE-2026-10749) , Jun 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026
WP Meta SEO (CVE-2026-9643) , Jun 25, 2026
WP Meta SEO (CVE-2026-11370) , Jun 25, 2026
Bulk SEO Image (CVE-2026-11997) , Jun 25, 2026