cleantalk
Vulnerabilities and Security Researches

WP Meta SEO, CVE-2023-1024

CVE, Research URL

CVE-2023-1024

Home page URL

Security reports for WP Meta SEO

Application

WP Meta SEO

Published on
Feb 28, 2023
Research Description
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
Affected versions
max 4.5.4.
Status
vulnerable
Previous vulnerability researches
WP Meta SEO (CVE-2024-45456) , Sep 15, 2024
WP Meta SEO (CVE-2024-45455) , Sep 15, 2024
WP Meta SEO (CVE-2026-11370) , Jun 25, 2026
WP Meta SEO (CVE-2026-9643) , Jun 25, 2026
WP Meta SEO (254b20c7ff2f16f464a547cdbf84ab314a3580be) , Jun 16, 2026
New vulnerability
Post Duplicator (CVE-2026-10749) , Jun 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026
WP Meta SEO (CVE-2026-9643) , Jun 25, 2026
WP Meta SEO (CVE-2026-11370) , Jun 25, 2026
Bulk SEO Image (CVE-2026-11997) , Jun 25, 2026