GHSA-rcqq-5h75-3j53
GitHub Security Advisory
⚠ Unreviewed
MODERATE
Has CVE
Advisory Details
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: July 13, 2025 6:28 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.