The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754807%40cds-simple-seo&new=2754807%40cds-simple-seo&sfp_email=&sfph_mail= | Patch Third Party Advisory |
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1628 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2022-09-06T17:18:55
Updated: 2022-09-06T17:18:55
Reserved: 2022-05-09T00:00:00
Link: CVE-2022-1628
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-06T18:15:10.423
Modified: 2022-09-09T04:36:25.150
Link: CVE-2022-1628
JSON object: View
Redhat Information
No data.
CWE