Vulnerabilities > Wpexpertplugins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-02 | CVE-2024-6264 | Cross-site Scripting vulnerability in Wpexpertplugins Post Meta Data Manager The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-11-21 | CVE-2023-5776 | Cross-Site Request Forgery (CSRF) vulnerability in Wpexpertplugins Post Meta Data Manager The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. | 8.8 |
| 2023-10-28 | CVE-2023-5425 | Unspecified vulnerability in Wpexpertplugins Post Meta Data Manager The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. | 8.8 |
| 2023-10-28 | CVE-2023-5426 | Unspecified vulnerability in Wpexpertplugins Post Meta Data Manager The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. | 7.5 |