The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post
El complemento SEOPress WordPress anterior a 7.8 no valida ni escapa a una de sus configuraciones de publicación, lo que podría permitir que el colaborador y el rol superior realicen ataques de redireccionamiento abierto contra cualquier usuario que vea una publicación maliciosa.
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 7.7.2. This is due to insufficient validation on the social post settings. This makes it possible for an authenticated attacker, with contributor-level access and above, to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
