Description
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.9.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2026-01-28
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Reflected Cross‑Site Scripting via the google_error parameter
Action: Patch
AI Analysis

Impact

The SEO Links Interlinking WordPress plugin contains a reflected cross‑site scripting vulnerability in the google_error parameter. The plugin fails to adequately sanitize or escape this parameter, allowing an attacker to supply arbitrary JavaScript that is reflected back to the user's browser when the victim follows a crafted link. This flaw results in client‑side script execution without requiring authentication.

Affected Systems

Any WordPress site running the SEO Links Interlinking plugin version 1.7.9.9.1 or earlier is affected. The vulnerability is present in all releases up to and including 1.7.9.9.1 and is distributed by seomantis through the official WordPress plugin repository.

Risk and Exploitability

The CVSS score of 6.1 indicates moderate severity, while the EPSS score of less than 1 % suggests that exploitation attempts are infrequent in the current threat landscape. The vulnerability is not listed in CISA’s KEV catalog. An attacker does not need authentication; delivery of a malicious URL containing a crafted google_error value via phishing or social engineering is sufficient. If a victim clicks on this link, the injected script runs in the context of the victim’s browser session.

Generated by OpenCVE AI on April 20, 2026 at 17:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the SEO Links Interlinking plugin to the latest release, which removes the vulnerability.
  • If an immediate update cannot be applied, deactivate or uninstall the plugin to eliminate the vulnerable code path.
  • Deploy a web application firewall or enforce a Content Security Policy to block unintended script execution on the site.

Generated by OpenCVE AI on April 20, 2026 at 17:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.9.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Title SEO Links Interlinking <= 1.7.5 - Reflected Cross-Site Scripting via 'google_error' Parameter SEO Links Interlinking <= 1.7.9.9.1 - Reflected Cross-Site Scripting via 'google_error' Parameter
References

Thu, 29 Jan 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Seomantis
Seomantis seo Links Interlinking
Wordpress
Wordpress wordpress
Vendors & Products Seomantis
Seomantis seo Links Interlinking
Wordpress
Wordpress wordpress

Wed, 28 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 28 Jan 2026 11:30:00 +0000

Type Values Removed Values Added
Description The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Title SEO Links Interlinking <= 1.7.5 - Reflected Cross-Site Scripting via 'google_error' Parameter
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Subscriptions

Seomantis Seo Links Interlinking
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-14T15:08:26.508Z

Reserved: 2025-12-04T20:09:41.808Z

Link: CVE-2025-14063

cve-icon Vulnrichment

Updated: 2026-01-28T14:32:36.227Z

cve-icon NVD

Status : Deferred

Published: 2026-01-28T12:15:49.567

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-14063

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T17:30:12Z

Weaknesses