CVE-2024-2165

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access...

EUVD-2024-16936

Malicious code in bioql PyPI...

CVE-2025-48298

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local File Inclusion.This issue affects SEOPress for MainWP: from n/a through = 1.4...

WordPress SEOPress for MainWP <= 1.4 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin SEOPress for MainWP versions = 1.4...

CVE-2024-5488

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present...

CVE-2024-4900

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post...

CVE-2024-4899

The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2024-1134

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for attacker...

CVE-2023-1669

The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

WordPress plugin SEOPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin SEOPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress SEOPress plugin <= 8.1.1 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin SEOPress versions = 8.1.1...

SEOPress Plugin for WordPress < 7.9 PHP Object Injection

The WordPress SEOPress Plugin installed on the remote host is affected by a PHP object injection vulnerability via the deserialization of untrusted input from the 'title' parameter. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reporte...

CVE-2024-9225

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to inject...

WordPress SEOPress plugin <= 8.1.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SEOPress versions = 8.1.1...

CVE-2024-5488

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present...

WordPress SEOPress plugin < 7.8 - Contributor+ Open Redirect vulnerability

Contributor+ Open Redirect vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SEOPress versions 7.8...

WordPress SEOPress plugin < 7.8 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmirtii Ignatyev in WordPress Plugin SEOPress versions 7.8...

CVE-2024-4900

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post...

PT-2024-33318 · WordPress · Seopress

Name of the Vulnerable Software and Affected Versions: SEOPress WordPress plugin versions prior to 7.8 Description: The issue concerns the SEOPress WordPress plugin, where certain Post settings are not properly sanitized and escaped, potentially allowing high-privilege users, such as contributors...