318 matches found
WordPress plugin All In One SEO Pack 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...
WordPress Rank Math SEO plugin <= 1.0.252.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Abu Hurayra in WordPress Plugin Rank Math SEO versions = 1.0.252.1...
CVE-2025-9277
CVE-2025-9277 concerns the WordPress plugin SiteSEO – SEO Simplified (versions up to and including 1.2.7). The vulnerability is a Stored Cross-Site Scripting due to a broken preg_replace expression and inadequate input sanitization/output escaping. Exploitation requires authentication at Contribu...
CVE-2025-48165 WordPress DELUCKS SEO Plugin <= 2.6.0 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through = 2.6.0...
WordPress smart SEO Plugin <= 4.0 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme smart SEO versions = 4.0...
Drupal Real-time SEO for Drupal 跨站脚本漏洞
Drupal Real-time SEO for Drupal is a keyword plugin for the Drupal community. A cross-site scripting vulnerability exists in Drupal Real-time SEO for Drupal versions prior to 2.2.0, which stems from improper input neutralization during page generation and could lead to a cross-site scripting atta...
WordPress hpb seo plugin for WordPress plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin hpb seo plugin for WordPress versions = 3.0.1...
WordPress plugin Slim SEO SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
CVE-2025-3302
The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTPREFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2025-3302
The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTPREFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2025-3302 Xagio SEO <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER'
The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTPREFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2025-3302
The CVE-2025-3302 entry concerns Xagio SEO – AI Powered SEO for WordPress. Affected are all versions up to and including 7.1.0.16, vulnerable to Unauthenticated Stored Cross-Site Scripting via HTTP_REFERER due to insufficient input sanitization and output escaping. The vulnerability was partially...
WordPress Xagio SEO plugin <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'HTTPREFERER' vulnerability discovered by Jack Taylor in WordPress Plugin Xagio SEO versions = 7.1.0.16...
PT-2025-25204 · WordPress · Xagio Seo
Name of the Vulnerable Software and Affected Versions: Xagio SEO – AI Powered SEO plugin for WordPress versions up to, and including, 7.1.0.16 Description: The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP REFERER parameter due to...
CVE-2024-0597
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-4611
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slimseobreadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-3554
The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on...
CVE-2024-10515
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor...
CVE-2024-4041
The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2023-0876
The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability...