wpexploit | Dmirtii Ignatyev | WPEX-ID:15346AE9-9A29-4968-A6A9-81D1116AC448
History: Jun 03, 2024 - 12:00 a.m.

SEOPress < 7.8 - Contributor+ Stored XSS

seopress contributor+ xss

AI Score: 5.7 (Confidence: High)
EPSS: 0 (Percentile: 9.1%)

Description

The plugin does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

As a contributor, create a new Post. At the bottom of the page, put the following payload in the "SEO Title" field and save: ;<img src=x onerror=alert(/XSS/)><

The XSS will be triggered upon saving, as well as when any user edits the post.
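
The missing sanitise-on-save and escape-on-output steps from the description, shown side by side as an added example that is not SEOPress code or part of the original advisory. The function names, the title-preview output context and the regex check are assumptions for illustration; the input is the field value from the proof of concept.

```php
<?php
// Added example: hypothetical stand-ins for a plugin's "SEO Title" save and
// render paths, not SEOPress code. Plain PHP so it runs without WordPress;
// inside a plugin the equivalents are sanitize_text_field() on save and
// esc_html() / esc_attr() on output.

// Vulnerable pattern: the value is stored and echoed back verbatim.
function save_title_unsafe(string $raw): string { return $raw; }
function render_preview_unsafe(string $stored): string {
    return '<div class="title-preview">' . $stored . '</div>';
}

// Hardened save: a title is plain text, so drop markup and control characters.
function save_title_safe(string $raw): string {
    $text = preg_replace('/[\x00-\x1F\x7F]+/', ' ', strip_tags($raw));
    return trim($text ?? '');
}

// Hardened output: escape for HTML at the point of echo, whatever was stored.
function render_preview_safe(string $stored): string {
    $escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="title-preview">' . $escaped . '</div>';
}

// Heuristic check: does the fragment contain a live tag with an on* handler?
function has_live_event_handler(string $html): bool {
    return preg_match('/<[a-z][^>]*\son[a-z]+\s*=/i', $html) === 1;
}

// Constructed input: the field value from the proof of concept above.
$submitted = ';<img src=x onerror=alert(/XSS/)><';

$cases = [
    'unsafe save, unsafe render' => render_preview_unsafe(save_title_unsafe($submitted)),
    // Rows written before a fix are still raw, so output escaping must hold alone.
    'unsafe save, safe render'   => render_preview_safe(save_title_unsafe($submitted)),
    'safe save, safe render'     => render_preview_safe(save_title_safe($submitted)),
];

foreach ($cases as $label => $html) {
    printf("%-28s handler=%s  %s\n", $label,
        has_live_event_handler($html) ? 'yes' : 'no', $html);
}
```

The middle case is the one to check after upgrading: values saved by contributors before the fix remain in post meta unsanitised, so every place that echoes them has to escape.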
