Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Meta Tag Manager

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-5983
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.03%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 06:00
Updated-22 Oct, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Meta Tag Manager < 3.3 - Contributor+ Open Redirect

The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags.

Action-Not Available
Vendor-Unknown
Product-Meta Tag Manager
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-22260
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.90%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:23
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Meta Tag Manager plugin <= 3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Marcus (aka @msykes) Meta Tag Manager meta-tag-manager.This issue affects Meta Tag Manager: from n/a through <= 3.1.

Action-Not Available
Vendor-Marcus (aka @msykes)
Product-Meta Tag Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-1770
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.89% / 75.52%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 02:04
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Meta Tag Manager <= 3.0.2 - Authenticated (Subscriber+) PHP Object Injection

The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Action-Not Available
Vendor-netweblogicpixelite
Product-Meta Tag Managermeta_tag_manager
CWE ID-CWE-502
Deserialization of Untrusted Data