Lucene search

CVE-2024-4900

🗓️ 24 Jun 2024 06:11:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 36 Views🌐 WEB

SEOPress WordPress plugin security vulnerabilit

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2024-4900 SEOPress < 7.8 - Contributor+ Open Redirect	24 Jun 202406:00	–	cvelist
wpexploit	SEOPress < 7.8 - Contributor+ Open Redirect	3 Jun 202400:00	–	wpexploit
Patchstack	WordPress SEOPress Plugin < 7.8 is vulnerable to Open Redirection	24 Jun 202400:00	–	patchstack
NVD	CVE-2024-4900	24 Jun 202406:15	–	nvd
WPVulnDB	SEOPress < 7.8 - Contributor+ Open Redirect	3 Jun 202400:00	–	wpvulndb
Vulnrichment	CVE-2024-4900 SEOPress < 7.8 - Contributor+ Open Redirect	24 Jun 202406:00	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)	13 Jun 202415:35	–	wordfence

Vulners

Node

seopress seopressRange<7.8wordpress

[
  {
    "vendor": "Unknown",
    "product": "SEOPress ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "7.8"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/a56ad272-e2ed-4064-9b5d-114a834dd8b3/

Parameter	Position	Path	Description	CWE
Social > Facebook Title	request body	/post	The plugin is vulnerable to open redirect due to lack of validation and escaping of the Facebook Title field.	CWE-601, CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Jun 2024 06:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS36.1

EPSS0.00118

SSVC