3 matches found
WordPress SEOPress Plugin 5.0.x < 5.0.4 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-34641
creationtimestamp| type| source ---|---|--- 2021-08-16 22:15:01+00:00| seen| https://t.me/cibsecurity/27403...
CVE-2021-34641
The CVE-2021-34641 entry concerns the WordPress SEOPress plugin (versions 5.0.0–5.0.3). A Stored Cross‑Site Scripting (XSS) vulnerability exists via the REST API endpoint, in particular through the processPut function in ~/src/Actions/Api/TitleDescriptionMeta.php, allowing an authenticated attack...