High vulnerability

CVE-2023-5426: The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized mo

Tracked since May 6, 2026
cve CVE-2023-5426 cvss-7

CVSS Breakdown

CVSS Base Score
Attack Vector
N/A
Requires physical access to exploit.
CIA Impact
Confidentiality N/A
Integrity N/A
Availability N/A

Exploit Probability (EPSS)

NaN%
NaN% probability of exploitation in 30 days
This vulnerability has a relatively low exploitation probability, but should still be patched according to your standard timelines.
Low

Insurance Impact Assessment

🛡️
Significant Impact

High-severity vulnerabilities may affect cyber insurance pricing and coverage terms. Demonstrating patch management reduces underwriting friction.

CVE CVE-2023-5426 with CVSS 7.5. The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for

Assess your exposure

Is your organization vulnerable? Run a free domain exposure scan to check.

Scan Your Domain → Broker Scorecard

Related Threats

CVE-2023-34992: A improper neutralization of special elements used in an os command ('os command
CVSS critical
CVE-2023-34976: A SQL injection vulnerability has been reported to affect Video Station. If expl
CVSS critical
CVE-2023-25960: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVSS critical
CVE-2023-4994: The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Co
CVSS critical
CVE-2023-5201: The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in vers
CVSS critical
← Back to Threat Feed