CVE Vulnerability

CVE-2022-1628

The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754807%40cds-simple-seo&new=2754807%40cds-simple-seo&sfp_email=&sfph_mail= Patch Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1628 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:coleds:simple_seo:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-09-06 06:15

Updated : 2022-09-09 04:36

NVD link : CVE-2022-1628

Mitre link : CVE-2022-1628

Products Affected
No products.
CWE
CWE-79