Lucene search
K

318 matches found

CNNVD
CNNVD
added 2025/09/22 12:0 a.m.3 views

WordPress plugin All In One SEO Pack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

4.3CVSS6.3AI score0.00255EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/11 6:57 p.m.10 views

WordPress Rank Math SEO plugin <= 1.0.252.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Abu Hurayra in WordPress Plugin Rank Math SEO versions = 1.0.252.1...

4.3CVSS7AI score0.00205EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/08/26 10:26 p.m.25 views

CVE-2025-9277

CVE-2025-9277 concerns the WordPress plugin SiteSEO – SEO Simplified (versions up to and including 1.2.7). The vulnerability is a Stored Cross-Site Scripting due to a broken preg_replace expression and inadequate input sanitization/output escaping. Exploitation requires authentication at Contribu...

6.4CVSS5.6AI score0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/20 8:3 a.m.1 views

CVE-2025-48165 WordPress DELUCKS SEO Plugin <= 2.6.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through = 2.6.0...

8.8CVSS5.2AI score0.00319EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/07/29 6:42 p.m.8 views

WordPress smart SEO Plugin <= 4.0 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme smart SEO versions = 4.0...

9.8CVSS8.9AI score0.00425EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.5 views

Drupal Real-time SEO for Drupal 跨站脚本漏洞

Drupal Real-time SEO for Drupal is a keyword plugin for the Drupal community. A cross-site scripting vulnerability exists in Drupal Real-time SEO for Drupal versions prior to 2.2.0, which stems from improper input neutralization during page generation and could lead to a cross-site scripting atta...

6.1CVSS6AI score0.00227EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/07/15 3:1 a.m.8 views

WordPress hpb seo plugin for WordPress plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin hpb seo plugin for WordPress versions = 3.0.1...

7.1CVSS7AI score0.00116EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.4 views

WordPress plugin Slim SEO SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.6CVSS7.8AI score0.00271EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/13 12:4 p.m.6 views

CVE-2025-3302

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTPREFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

7.2CVSS6.3AI score0.00342EPSS
Exploits0References1
NVD
NVD
added 2025/06/11 12:15 p.m.10 views

CVE-2025-3302

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTPREFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

7.2CVSS0.00342EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/06/11 11:18 a.m.8 views

CVE-2025-3302 Xagio SEO <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER'

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTPREFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

7.2CVSS6.2AI score0.00342EPSS
Exploits0References9
CVE
CVE
added 2025/06/11 11:18 a.m.66 views

CVE-2025-3302

The CVE-2025-3302 entry concerns Xagio SEO – AI Powered SEO for WordPress. Affected are all versions up to and including 7.1.0.16, vulnerable to Unauthenticated Stored Cross-Site Scripting via HTTP_REFERER due to insufficient input sanitization and output escaping. The vulnerability was partially...

7.2CVSS6.3AI score0.00342EPSS
Exploits0References9
Patchstack
Patchstack
added 2025/06/11 1:41 a.m.8 views

WordPress Xagio SEO plugin <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'HTTPREFERER' vulnerability discovered by Jack Taylor in WordPress Plugin Xagio SEO versions = 7.1.0.16...

7.2CVSS5.5AI score0.00342EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/11 12:0 a.m.4 views

PT-2025-25204 · WordPress · Xagio Seo

Name of the Vulnerable Software and Affected Versions: Xagio SEO – AI Powered SEO plugin for WordPress versions up to, and including, 7.1.0.16 Description: The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP REFERER parameter due to...

7.2CVSS6.3AI score0.00342EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/05/23 9:33 a.m.9 views

CVE-2024-0597

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.8AI score0.00499EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.13 views

CVE-2025-4611

The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slimseobreadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS6AI score0.0046EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:23 a.m.4 views

CVE-2024-3554

The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00457EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.9 views

CVE-2024-10515

In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor...

3.5CVSS5.7AI score0.00303EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:37 a.m.12 views

CVE-2024-4041

The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS6.4AI score0.00832EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.21 views

CVE-2023-0876

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability...

6.1CVSS6.8AI score0.00713EPSS
Exploits2References1
Rows per page
Query Builder