The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attackers to remove user meta for arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-11-22T15:33:21.567Z
Updated: 2023-11-22T15:33:21.567Z
Reserved: 2023-10-11T22:24:37.762Z
Link: CVE-2023-5537
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-22T16:15:13.310
Modified: 2023-11-28T19:28:43.267
Link: CVE-2023-5537
JSON object: View
Redhat Information
No data.
CWE