The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2022-09-06T17:18:55
Updated: 2024-08-03T00:10:03.751Z
Reserved: 2022-05-09T00:00:00
Link: CVE-2022-1628
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-09-06T18:15:10.423
Modified: 2022-09-09T04:36:25.150
Link: CVE-2022-1628
Redhat
No data.