CVE-2023-6290 – WP SEO Press < 7.3 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-6290
The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

• https://wpscan.com/vulnerability/78a13958-cd12-4ea8-b326-1e3184da970b
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-1669 – SEOPress < 6.5.0.3 - Admin+ PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-1669
The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

The SEOPress plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.5.0.2 via deserialization of untrusted input of the $redirect_value['sources'] value triggered to an import with the seopress_import_rk_redirections function. This allows authenticated attackers, with administrator-level privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

• https://wpscan.com/vulnerability/fb8791f5-2879-431e-9afc-06d5839e4b9d
• CWE-502: Deserialization of Untrusted Data
CVE-2021-34641 – SEOPress <= 5.0.0 – 5.0.3 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-34641
The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3.

• https://plugins.trac.wordpress.org/browser/wp-seopress/tags/5.0.4/src/Actions/Api/TitleDescriptionMeta.php#L78
• https://www.wordfence.com/blog/2021/08/xss-vulnerability-patched-in-seopress-affects-100000-sites
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')