wpvulndb - Dmirtii Ignatyev - WPVDB-ID:15346AE9-9A29-4968-A6A9-81D1116AC448
History: Jun 03, 2024 - 12:00 a.m.

SEOPress < 7.8 - Contributor+ Stored XSS

Published: 2024-06-03 00:00:00
Author: Dmirtii Ignatyev
Source: wpscan.com
Tags: seopress, plugin, xss, vulnerability, high privilege, stored xss

AI Score: 5
Confidence: High
EPSS: 0
Percentile: 9.1%

Description

The plugin does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.

PoC

As a contributor, create a new Post, put the following payload in the “SEO Title” field at the bottom of the page, and save: ;< The XSS is triggered upon saving, as well as whenever any user edits the post.
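The bug class described above is a post setting that is stored raw and echoed back into the editor without escaping. The following is an added example written for this page, not SEOPress code: a hypothetical plugin meta box that stores a per-post "SEO Title", shown once in the vulnerable pattern and once hardened with WordPress's real sanitize_text_field(), esc_attr() and esc_html() helpers. The function names render_seo_title_field*, save_seo_title and render_seo_title_tag, the meta box markup, and the submitted value are all constructed for illustration; the function_exists() fallbacks only exist so the script also runs outside WordPress with the php CLI.

```php
<?php
// Added example, not the plugin's own code. Function names, markup and the
// submitted value are constructed for illustration.

// Outside WordPress, fall back to plain PHP equivalents so the script runs
// stand-alone; inside WordPress the real core functions are used instead.
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field(string $s): string {
        // Rough approximation of the WordPress function: strip tags,
        // control characters and surrounding whitespace.
        return trim(preg_replace('/[\x00-\x1F\x7F]/', '', strip_tags($s)));
    }
}

// Constructed value as a Contributor might submit it: the leading quote
// closes the value="" attribute so the rest lands in the page as markup.
$submitted_title = '"><b>injected</b>';

// VULNERABLE pattern: the raw value is stored as-is and later concatenated
// into an attribute with no escaping, so the injected markup is rendered
// for every user who opens the post editor.
function render_seo_title_field_vulnerable(string $stored): string {
    return '<input type="text" name="seo_title" value="' . $stored . '">';
}

// HARDENED pattern, part 1: sanitise on save. Reject markup and control
// characters before the value ever reaches post meta.
function save_seo_title(string $raw): string {
    return sanitize_text_field($raw);
}

// HARDENED pattern, part 2: escape on output, using the escaper that matches
// the context. esc_attr() for an attribute value in the editor meta box,
// esc_html() for the front-end <title> element. Output escaping is what
// actually stops the injection; sanitising on save is defence in depth,
// because another save path (REST, import, direct meta update) may skip it.
function render_seo_title_field(string $stored): string {
    return '<input type="text" name="seo_title" value="' . esc_attr($stored) . '">';
}

function render_seo_title_tag(string $stored): string {
    return '<title>' . esc_html($stored) . '</title>';
}

echo "vulnerable editor field:\n";
echo render_seo_title_field_vulnerable($submitted_title), PHP_EOL;

$stored = save_seo_title($submitted_title);
echo "\nhardened editor field:\n";
echo render_seo_title_field($stored), PHP_EOL;
echo "\nhardened front-end title:\n";
echo render_seo_title_tag($stored), PHP_EOL;
```

When reviewing a plugin for this class of issue, check both halves: every save handler for the setting should run the value through a sanitiser appropriate to its type, and every place the value is printed should wrap it in the escaper for that output context (esc_attr, esc_html, esc_url, esc_js), since a value that is safe in one context is not automatically safe in another.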
