CVE-2023-1028 MEDIUM

CVE-2023-1028: WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'setIgnore'

Vendor Joomunited

Product WP Meta SEO

Weakness CWE-352 · CSRF

Published February 28, 2023

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Key dates

02Disclosure timeline

February 28, 2023 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-1028 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2022-1831 WPlite <= 1.3.1 - Arbitrary Settings Update via CSRF CVE-2026-8409 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete CVE-2024-44028 WordPress NiceJob plugin < 3.6.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability CVE-2025-5925 Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update CVE-2024-51632 WordPress SH Slideshow plugin <= 4.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability