CVE-2024-2165
- EPSS 0.23%
- Veröffentlicht 09.04.2024 19:15:28
- Zuletzt bearbeitet 30.09.2025 17:56:44
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible ...
CVE-2023-6290
- EPSS 0.08%
- Veröffentlicht 22.01.2024 20:15:47
- Zuletzt bearbeitet 21.11.2024 08:43:32
The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2023-1669
- EPSS 18.08%
- Veröffentlicht 02.05.2023 08:15:10
- Zuletzt bearbeitet 30.01.2025 15:15:13
The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
CVE-2021-34641
- EPSS 0.35%
- Veröffentlicht 16.08.2021 19:15:14
- Zuletzt bearbeitet 21.11.2024 06:10:52
The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0....