CVE-2023-4823

Name of the Vulnerable Software and Affected Versions WP Meta and Date Remover WordPress plugin versions prior to 2.2.0

Description The issue concerns an AJAX endpoint for configuring plugin settings that lacks capability checks and fails to sanitize user input. This input is later output unescaped, allowing any authenticated users, such as subscribers, to change settings and perform Stored Cross-Site Scripting.

Recommendations For WP Meta and Date Remover WordPress plugin versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX endpoint for configuring plugin settings to minimize the risk of exploitation.