CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0597 – SEO Plugin by Squirrly SEO <= 12.3.15 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings
https://notcve.org/view.php?id=CVE-2024-0597
29 Jan 2024 — The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has bee... • https://plugins.trac.wordpress.org/changeset/3023398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50854 – WordPress Squirrly SEO - Advanced Pack Plugin <= 2.3.8 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-50854
21 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a through 2.3.8. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Squirrly Squirrly SEO - Advanced Pack. Este problema afecta a Squirrly SEO - Advanced Pack: desde n/a hasta 2.3.8. The Squirrly SEO - Advanced Pack plugin for WordPress is vulnerab... • https://patchstack.com/database/vulnerability/squirrly-seo-pack/wordpress-squirrly-seo-advanced-pack-plugin-2-3-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45065 – WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.20 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-45065
17 Mar 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions. The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' and 'tab' parameters in versions up to, and including, 12.1.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user int... • https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-squirrly-seo-peaks-plugin-12-1-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38140 – WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.10 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-38140
25 Oct 2022 — Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress. Vulnerabilidad de carga arbitraria de archivos autenticada (con permisos de colaboradores o superiores) en el complemento SEO Plugin by Squirrly SEO en WordPress en versiones <= 12.1.10. The SEO Plugin by Squirrly SEO for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 12.1.10. This makes it possible for authenticated attackers, with contributor level permissions an... • https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-seo-plugin-by-squirrly-seo-plugin-12-1-10-auth-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25019 – SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25019
28 Feb 2022 — The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting El plugin SEO de Squirrly SEO de WordPress versiones anteriores a 11.1.12, no escapa el parámetro type antes de devolverlo en un atributo en una página de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/cea0ce4b-886a-47cc-8653-a297e9759d09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •