Seopress

Seopress

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-50454

  • EPSS 0.18%
  • Veröffentlicht 29.10.2024 22:15:05
  • Zuletzt bearbeitet 01.11.2024 12:57:35

Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.

8.8

CVE-2024-50455

  • EPSS 0.28%
  • Veröffentlicht 29.10.2024 21:15:04
  • Zuletzt bearbeitet 07.11.2024 17:01:30

Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.

8.8

CVE-2024-50456

  • EPSS 0.21%
  • Veröffentlicht 29.10.2024 21:15:04
  • Zuletzt bearbeitet 07.11.2024 17:02:03

Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.

6.1

CVE-2024-9225

  • EPSS 1.68%
  • Veröffentlicht 02.10.2024 08:15:03
  • Zuletzt bearbeitet 07.10.2024 20:24:41

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it poss...

9.8

CVE-2024-5488

Exploit
  • EPSS 74.8%
  • Veröffentlicht 09.07.2024 06:15:03
  • Zuletzt bearbeitet 21.05.2025 19:11:24

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the s...

5

CVE-2024-4899

Exploit
  • EPSS 0.21%
  • Veröffentlicht 24.06.2024 06:15:11
  • Zuletzt bearbeitet 19.05.2025 21:03:56

The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.

6.1

CVE-2024-4900

Exploit
  • EPSS 0.23%
  • Veröffentlicht 24.06.2024 06:15:11
  • Zuletzt bearbeitet 19.05.2025 21:04:24

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post

5.4

CVE-2024-1168

  • EPSS 0.23%
  • Veröffentlicht 20.06.2024 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:49:57

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image...

5.4

CVE-2024-1134

  • EPSS 0.2%
  • Veröffentlicht 24.05.2024 06:15:08
  • Zuletzt bearbeitet 04.04.2025 18:22:20

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and outpu...

5.3

CVE-2024-34383

  • EPSS 0.1%
  • Veröffentlicht 06.05.2024 18:15:08
  • Zuletzt bearbeitet 21.11.2024 09:18:33

Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1.