Lucene search
K

15 matches found

Patchstack
Patchstack
added 2026/02/03 11:0 a.m.12 views

WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress SEOPress - On-site SEO plugin = 7.5.2.1 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin SEOPress versions = 7.5.2.1...

6.4CVSS5.3AI score0.00259EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.6 views

CVE-2025-13085

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolvevariables AJAX handler. This makes it possible for...

4.3CVSS5.2AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/19 9:30 a.m.5 views

EUVD-2025-198140

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolvevariables AJAX handler. This makes it possible for...

4.3CVSS4.7AI score0.00207EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/11/19 6:45 a.m.4 views

CVE-2025-13085 SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolvevariables AJAX handler. This makes it possible for...

4.3CVSS4.8AI score0.00207EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/19 6:31 a.m.7 views

EUVD-2025-198108

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseoresetsettings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted acce...

5.3CVSS5.1AI score0.00229EPSS
Exploits0References4
NVD
NVD
added 2025/11/19 6:15 a.m.6 views

CVE-2025-12814

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseoresetsettings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted acce...

5.3CVSS0.00229EPSS
Exploits0References3
CVE
CVE
added 2025/11/19 5:45 a.m.16 views

CVE-2025-12814

CVE-2025-12814 concerns the WordPress plugin SiteSEO – SEO Simplified (versions ≤ 1.3.2). The issue is an improper authorization check in siteseo_reset_settings, allowing an authenticated attacker who has at least one SiteSEO setting capability to modify data by reseting the plugin’s settings. Th...

5.3CVSS5.2AI score0.00229EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.3 views

WordPress plugin SiteSEO 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An authorizati...

5.3CVSS6.5AI score0.00229EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/01 6:30 a.m.4 views

EUVD-2025-37412

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...

4.3CVSS5.5AI score0.00214EPSS
Exploits0References4
CVE
CVE
added 2025/11/01 3:34 a.m.14 views

CVE-2025-12367

CVE-2025-12367 affects the WordPress SiteSEO – SEO Simplified plugin (versions up to and including 1.3.1). The vulnerability is Missing Authorization: authenticated attackers with Author-level access or higher can enable or disable arbitrary SiteSEO features due to insufficient permission checks....

4.3CVSS5.6AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/01 3:34 a.m.9 views

CVE-2025-12367 SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...

4.3CVSS0.00214EPSS
Exploits0References3
CVE
CVE
added 2025/08/26 10:26 p.m.22 views

CVE-2025-9277

CVE-2025-9277 concerns the WordPress plugin SiteSEO – SEO Simplified (versions up to and including 1.2.7). The vulnerability is a Stored Cross-Site Scripting due to a broken preg_replace expression and inadequate input sanitization/output escaping. Exploitation requires authentication at Contribu...

6.4CVSS5.6AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/11 8:42 a.m.21 views

CVE-2025-32491 WordPress Rankology SEO – On-site SEO plugin <= 2.2.4 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation.This issue affects Rankology SEO – On-site SEO: from n/a through = 2.2.4...

9.8CVSS0.00699EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/24 12:0 a.m.6 views

WordPress plugin SEOPress – On-site SEO 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS5.9AI score0.00259EPSS
Exploits0References3
Patchstack
Patchstack
added 2021/08/16 12:0 a.m.20 views

WordPress SEOPress, on-site SEO plugin 5.0.0 – 5.0.3 - Stored Cross-Site Scripting (XSS) vulnerability via REST-API

Stored Cross-Site Scripting XSS vulnerability via REST-API discovered by Chloe Chamberland WordFence in WordPress SEOPress, on-site SEO plugin versions 5.0.0 – 5.0.3. Solution Update the WordPress SEOPress, on-site SEO plugin to the latest available version at least 5.0.4...

6.4CVSS2.6AI score0.00651EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder