318 matches found
CVE-2022-1093
The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed...
CVE-2022-44626
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20...
CVE-2021-25036
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users...
CVE-2021-25019
The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2013-5918
Cross-site scripting XSS vulnerability in platinumseopack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2015-9319
The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser...
CVE-2025-4611
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slimseobreadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-4611 Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slimseobreadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-4611
The CVE-2025-4611 entry concerns the WordPress plugin Slim SEO – Fast & Automated WordPress SEO Plugin. Affected component: the slim_seo_breadcrumbs shortcode in all versions up to and including 4.5.3. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, en...
CVE-2025-2892
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and...
CVE-2025-2892 All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and...
CVE-2025-3917
The 百度站长SEO合集支持百度/神马/Bing/头条推送 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the downloadremoteimagetomedialibrary function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2025-22783
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through = 12.4.03...
CVE-2025-22783
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through = 12.4.03...
CVE-2025-22783
CVE-2025-22783 affects the WordPress SEO Plugin by Squirrly SEO (versions up to and including 12.4.03). The root cause is improper neutralization of special elements in SQL commands, leading to SQL injection. Public sources in connected docs note that the vulnerability impacts confidentiality, in...
CVE-2025-22783 WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.03 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.03...
CVE-2025-22783 WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.03 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through = 12.4.03...
WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.03 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Webula Patchstack Alliance in WordPress Plugin SEO Plugin by Squirrly SEO versions = 12.4.03...
SEO Automatic Seo Tools Plugin for WordPress Cross-Site Scripting
The WordPress SEO Automatic Seo Tools Plugin installed on the remote host is affected by a Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
CVE-2025-1768
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...