cleantalk
Vulnerabilities and Security Researches

WP Meta SEO, CVE-2023-1381

CVE, Research URL

CVE-2023-1381

Home page URL

Security reports for WP Meta SEO

Application

WP Meta SEO

Published on
Apr 10, 2023
Research Description
The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution.
Affected versions
max 4.5.5.
Status
vulnerable
Previous vulnerability researches
WP Meta SEO (CVE-2024-45456) , Sep 15, 2024
WP Meta SEO (CVE-2024-45455) , Sep 15, 2024
WP Meta SEO (CVE-2026-11370) , Jun 25, 2026
WP Meta SEO (CVE-2026-9643) , Jun 25, 2026
WP Meta SEO (254b20c7ff2f16f464a547cdbf84ab314a3580be) , Jun 16, 2026
New vulnerability
Post Duplicator (CVE-2026-10749) , Jun 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026
WP Meta SEO (CVE-2026-9643) , Jun 25, 2026
WP Meta SEO (CVE-2026-11370) , Jun 25, 2026
Bulk SEO Image (CVE-2026-11997) , Jun 25, 2026