Lucene search
K

318 matches found

Nuclei
Nuclei
added 15 hours ago31 views

WordPress Meta SEO <= 4.5.2 - Open Redirect

The WP Meta SEO WordPress plugin before 4.5.3 did not authorize several AJAX actions, which allowed low-privilege users to update certain data and resulted in an arbitrary redirect vulnerability. id: CVE-2023-0876 info: name: WordPress Meta SEO = 4.5.2 - Open Redirect author: Khalid6468 severity:...

6.1CVSS6.5AI score0.00713EPSS
Exploits2References2
NVD
NVD
added 5 days ago8 views

CVE-2026-1667

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

7.2CVSS0.00186EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42949

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

7.2CVSS6.2AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 5 days ago8 views

CVE-2026-1667

The CVE concerns the SEO Plugin by Squirrly SEO for WordPress (up to version 14.0.0) with a vulnerability in savePost() that allows unauthenticated users to create arbitrary posts and, if Advanced Custom Fields is installed, to inject stored XSS scripts. Root cause is a leak of an API token and i...

7.2CVSS6.2AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 7:53 a.m.9 views

EUVD-2026-40937

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS5.9AI score0.00257EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.5 views

CVE-2026-9643

The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUESTURI server variable in all versions up to, and including, 4.5.18. When the plugin's wpmsTemplateRedirect hook detects a 404, it concatenates $SERVER'HTTPHOST' with the raw...

7.2CVSS6AI score0.00241EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.60 views

CVE-2026-9643 WP Meta SEO <= 4.5.18 - Unauthenticated Stored Cross-Site Scripting via REQUEST_URI in 404 Logging

The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUESTURI server variable in all versions up to, and including, 4.5.18. When the plugin's wpmsTemplateRedirect hook detects a 404, it concatenates $SERVER'HTTPHOST' with the raw...

7.2CVSS0.00241EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/16 9:0 a.m.10 views

EUVD-2026-37050

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...

5.9CVSS5.2AI score0.00176EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:0 a.m.30 views

CVE-2026-52714 WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...

5.9CVSS0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:0 a.m.20 views

CVE-2026-52714

CVE-2026-52714 involves an unauthenticated broken access control in the WordPress SEO Plugin by Squirrly SEO, affected versions

5.9CVSS5.2AI score0.00176EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.27 views

CVE-2026-34892 WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability

Subscriber Broken Access Control in Rank Math SEO = 1.0.271 versions...

6.5CVSS0.00271EPSS
Exploits0References1
NVD
NVD
added 2026/06/06 5:16 a.m.15 views

CVE-2026-7624

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00296EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/06/06 3:28 a.m.8 views

CVE-2026-7624 SEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/06 3:28 a.m.9 views

CVE-2026-7624

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References15
CVE
CVE
added 2026/06/06 3:28 a.m.29 views

CVE-2026-7624

The CVE concerns the SEO Plugin by Squirrly SEO for WordPress, vulnerable to an authorization bypass in all versions up to and including 12.4.16. The underlying issue is that the plugin fails to verify a user’s authorization before performing privileged cloud API operations. As a result, authenti...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/06 3:28 a.m.16 views

EUVD-2026-34956

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.17 views

WordPress plugin SEO Plugin by Squirrly SEO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.3AI score0.00296EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS5.4AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 8:16 a.m.15 views

CVE-2026-8942

The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the metamagicupdateoptions function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS0.00124EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 7:45 a.m.10 views

CVE-2026-8942 MetaMagic SEO Plugin <= 1.6 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the metamagicupdateoptions function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS5.7AI score0.00124EPSS
Exploits0References3
Rows per page
Query Builder