WP Meta SEO
Moderate fix1 remedy
cpe:2.3:a:joomunited:wp_meta_seo:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 4.5.3
WP Meta SEO Missing Authorization Vulnerability in Options Update
Vulnerability
Patched
A vulnerability exists in the WP Meta SEO plugin for WordPress, specifically in versions through 4.5.3. The issue arises from a missing capability check in the 'wpmsGGSaveInformation' function, allowing authenticated attackers with subscriber-level access to unauthorizedly update Google Analytics options managed by the plugin. This vulnerability stems from the plugin's reliance on nonce checks for access control, with the nonce being available to all authenticated users, regardless of their role.
Impact
Exploitation of this vulnerability allows for unauthorized updates to Google Analytics options in the WP Meta SEO plugin, potentially leading to misconfigured analytics tracking or data manipulation.
Remediation
Users can update to WP Meta SEO version 4.5.4 or a newer patched version to address this vulnerability.
Added: May 15, 2026, 12:22 PM
Updated: May 15, 2026, 12:22 PM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
0.6exploitability
6.1remediation
7.7relevance
0.0threat
3.2urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.