CVE-2022-44626 – WordPress Squirrly SEO (Peaks) plugin <= 12.1.20 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2022-44626
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20. The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized access/modification or loss of data due to a missing capability check on AJAX action handlers in versions up to, and including, 12.1.20. This makes it possible for authenticated attackers with subscriber-level access, and above, to invoke those functions. • https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-squirrly-seo-peaks-plugin-12-1-20-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2022-45065 – WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.20 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-45065
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions. The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' and 'tab' parameters in versions up to, and including, 12.1.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-squirrly-seo-peaks-plugin-12-1-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38140 – WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.10 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-38140
Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress. The SEO Plugin by Squirrly SEO for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 12.1.10. This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-seo-plugin-by-squirrly-seo-plugin-12-1-10-auth-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-25019 – SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25019
The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. • https://wpscan.com/vulnerability/cea0ce4b-886a-47cc-8653-a297e9759d09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')