CVE-2024-4899

Summary

The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.

Affected Software

VendorProductVersion RangeStatus
UnknownSEOPress0 < 7.8affected

Weaknesses

  • CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References