CVE-2023-6961
📋 TL;DR
The WP Meta SEO WordPress plugin is vulnerable to stored cross-site scripting (XSS) via the Referer HTTP header. Unauthenticated attackers can inject malicious scripts that execute when users visit compromised pages, potentially affecting all WordPress sites using vulnerable plugin versions.
💻 Affected Systems
- WP Meta SEO WordPress Plugin
📦 What is this software?
WP Meta SEO by JoomUnited
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Session hijacking, credential theft, or website defacement affecting visitors and administrators.
If Mitigated
Limited impact with proper Content Security Policy (CSP) headers and input validation, though stored XSS remains dangerous.
🎯 Exploit Status
Stored XSS via HTTP headers is straightforward to exploit; no authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.5.13 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071453%40wp-meta-seo%2Ftrunk&old=3068145%40wp-meta-seo%2Ftrunk
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Meta SEO and update to version 4.5.13 or later.
4. Verify that the update completes successfully.
🔧 Temporary Workarounds
Disable WP Meta SEO Plugin
Temporarily deactivate the vulnerable plugin until it is patched.
wp plugin deactivate wp-meta-seo
Implement Web Application Firewall (WAF)
Configure WAF rules to block requests whose Referer header contains script tags.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to mitigate script execution
- Monitor and filter Referer headers at the web server or reverse proxy level
🔍 How to Verify
Check if Vulnerable:
Check WP Meta SEO plugin version in WordPress admin under Plugins > Installed Plugins.
Check Version:
wp plugin get wp-meta-seo --field=version
Verify Fix Applied:
Confirm that the plugin version is 4.5.13 or higher and that Referer header injection attempts are sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual Referer headers containing script tags or JavaScript code in web server logs
Network Indicators:
- HTTP requests with malicious Referer headers attempting XSS payloads
SIEM Query:
source="web_server_logs" AND (Referer="*<script>*" OR Referer="*javascript:*")
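As an added example (not code from the advisory, the plugin or its vendor), the SIEM query above expressed as offline detection logic over Apache-style combined log lines; the sample lines are constructed, and the check goes beyond the literal query by percent-decoding and case-folding the Referer value so that encoded or mixed-case variants are flagged too.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format; quoted fields may contain \" escapes.
QUOTED = r'(?:[^"\\]|\\.)*'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>%s)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>%s)" "(?P<ua>%s)"'
    % (QUOTED, QUOTED, QUOTED)
)

# Markers showing that a Referer value carries script rather than a URL.
# Matched after percent-decoding and case-folding, so %3Cscript%3E and
# JavaScript: are caught as well as the literal forms the SIEM query lists.
SUSPICIOUS = ("<script", "javascript:", "onerror=", "<svg", "<img")


def normalize_referer(value: str) -> str:
    """Percent-decode twice (handles double encoding) and case-fold."""
    return unquote(unquote(value)).lower()


def referer_is_suspicious(value: str) -> bool:
    decoded = normalize_referer(value)
    return any(marker in decoded for marker in SUSPICIOUS)


def scan_log(lines):
    """Return (client_ip, timestamp, raw_referer) for each line whose
    Referer looks like an injection attempt; unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and referer_is_suspicious(m.group("referer")):
            hits.append((m.group("ip"), m.group("ts"), m.group("referer")))
    return hits


# Constructed sample lines (not real traffic): two benign, three suspicious.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:01:02 +0000] "GET /blog/ HTTP/1.1" 200 5120 "https://www.example.com/" "Mozilla/5.0"',
    '203.0.113.8 - - [10/Jan/2024:10:01:05 +0000] "GET /about/ HTTP/1.1" 200 3310 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2024:10:02:11 +0000] "GET /blog/ HTTP/1.1" 200 5120 "https://example.net/?q=<script>alert(1)</script>" "curl/8.0"',
    '198.51.100.9 - - [10/Jan/2024:10:02:14 +0000] "GET /blog/ HTTP/1.1" 200 5120 "https://example.net/?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E" "curl/8.0"',
    '198.51.100.10 - - [10/Jan/2024:10:03:01 +0000] "GET /blog/ HTTP/1.1" 200 5120 "JavaScript:alert(1)" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, ts, ref in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious Referer: {ref!r}")
```

Feed it real access logs one line at a time; a hit is a reason to inspect the stored page content, not proof of successful injection.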
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071453%40wp-meta-seo%2Ftrunk&old=3068145%40wp-meta-seo%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ca91e41d-b728-4eb0-86d5-043813d8c2c1?source=cve