[GHSA-m4q3-832v-44j6] The Meta Box plugin for WordPress is vulnerable to...

[ictbeheer]

Updates

• Affected products
• Summary

Comments
Add package name

[Copilot]

Pull request overview

Updates the GHSA advisory metadata for the Meta Box WordPress plugin vulnerability by adding package/affected information and a clearer summary.

Changes:

• Added a summary describing the affected versions and impact.
• Populated the affected array with a Packagist package and fixed version range.
• Updated the modified timestamp.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

The CVSS vector indicates PR:H (High privileges required), but the details state the attack is possible with "Contributor-level access and above", which is typically not “High” privileges. Update the CVSS vector to match the described privilege requirement (or adjust the details if PR:H is intentional).

Suggested change

	"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
	"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"

[Copilot]

Please confirm the package identifier matches the canonical Packagist package name. If this is a WordPress plugin that isn’t actually published under wpmetabox/meta-box on Packagist, downstream tooling may fail to associate the advisory with the correct package; use the correct Packagist name (or the appropriate ecosystem/package identity supported by your schema).

Suggested change

	"name": "wpmetabox/meta-box"
	"name": "meta-box/meta-box"

[advisory-database]

Hi @ictbeheer! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!