CVE-2023-1381 - Unspecified vulnerability in Joomunited WP Meta SEO
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution.
Vulnerable Configurations
References
- https://blog.wpscan.com/uncovering-a-phar-deserialization-vulnerability-in-wp-meta-seo-and-escalating-to-rce/
- https://wpscan.com/vulnerability/f140a928-d297-4bd1-8552-bfebcedba536