CVE-2024-5488 – SEOPress < 7.9 - Unauthenticated Object Injection
https://notcve.org/view.php?id=CVE-2024-5488
The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present. El complemento SEOPress WordPress anterior a 7.9 no protege adecuadamente algunas de sus rutas API REST, lo que combinado con otra vulnerabilidad de inyección de objetos puede permitir a atacantes no autenticados deserializar cadenas de dispositivos maliciosos, comprometiendo el sitio si hay una cadena adecuada presente. The SEOPress – On-site SEO plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.8 via deserialization of untrusted input from the 'title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. • https://wpscan.com/vulnerability/28507376-ded0-4e1a-b2fc-2182895aa14c • CWE-502: Deserialization of Untrusted Data •
CVE-2024-4900 – SEOPress < 7.8 - Contributor+ Open Redirect
https://notcve.org/view.php?id=CVE-2024-4900
The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post El complemento SEOPress WordPress anterior a 7.8 no valida ni escapa a una de sus configuraciones de publicación, lo que podría permitir que el colaborador y el rol superior realicen ataques de redireccionamiento abierto contra cualquier usuario que vea una publicación maliciosa. The SEOPress – On-site SEO plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 7.7.2. This is due to insufficient validation on the social post settings. This makes it possible for an authenticated attacker, with contributor-level access and above, to redirect users to potentially malicious sites if they can successfully trick them into performing an action. • https://wpscan.com/vulnerability/a56ad272-e2ed-4064-9b5d-114a834dd8b3 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2024-4899 – SEOPress < 7.8 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-4899
The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. El complemento SEOPress WordPress anterior a 7.8 no sanitiza ni escapa a algunas de sus configuraciones de publicación, lo que podría permitir a usuarios con altos privilegios, como los contribuyentes, realizar ataques de Cross-Site Scripting Almacenado. The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO Title field parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/15346ae9-9a29-4968-a6a9-81d1116ac448 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •