CVE-2022-1628
6.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Summary
The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| coleds | Simple SEO | 1.7.91 <= 1.7.91 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754807%40cds-simple-seo&new=2754807%40cds-simple-seo&sfp_email=&sfph_mail=
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1628
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754807%40cds-simple-seo&new=2754807%40cds-simple-seo&sfp_email=&sfph_mail=
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1628
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.