CVE-2021-24976 – Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-24976

22 Dec 2021 — The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting El plugin Smart SEO Tool de WordPress versiones anteriores a 3.0.6, no sanea y escapa del parámetro search antes de devolverlo en un atributo cuando la configuración de optimización TDK está habilitada, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://plugins.trac.wordpress.org/changeset/2637305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •