CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6556 – SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6556
09 Jul 2024 — The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for ... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3115079%40smartcrawl-seo&new=3115079%40smartcrawl-seo&sfp_email=&sfph_mail= • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3287 – SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-3287
19 Apr 2024 — The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types. El complemento SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer para WordPress es vulnerable a la inyección no autorizada de descripciones ld+json debido a una falta d... • https://plugins.trac.wordpress.org/changeset/3073136/smartcrawl-seo/trunk/includes/core/schema/class-types.php?old=2943058&old_path=smartcrawl-seo%2Ftrunk%2Fincludes%2Fcore%2Fschema%2Fclass-types.php • CWE-862: Missing Authorization •