2 matches found
CVE-2019-25146
The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2019-25146
The CVE-2019-25146 entry concerns the WordPress DELUCKS SEO plugin. A stored XSS vulnerability exists in saveSettings(), with no capability checks, in versions up to and including 2.1.7 due to insufficient input sanitization and output escaping. Unauthenticated attackers could inject arbitrary sc...