CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24976 – Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24976
The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting El plugin Smart SEO Tool de WordPress versiones anteriores a 3.0.6, no sanea y escapa del parámetro search antes de devolverlo en un atributo cuando la configuración de optimización TDK está habilitada, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://plugins.trac.wordpress.org/changeset/2637305 https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •