Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags simple-meta-tags allows DOM-Based XSS.This issue affects Simple Meta Tags: from n/a through <= 1.5.
Published: 2025-09-26
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Simple Meta Tags plugin for WordPress fails to properly neutralize user‑supplied input when generating page content, allowing a DOM‑based XSS flaw. An attacker can inject malicious scripts that run in the victim’s browser, potentially leading to cookie theft, session hijacking, defacement or other client‑side attacks. The CVSS score of 6.5 indicates a moderate severity flaw that could affect the confidentiality, integrity, or availability of user sessions.

Affected Systems

Vulnerable versions are DaganLev Simple Meta Tags plugin for WordPress up to and including 1.5. No further sub‑version details are supplied, so any installation of this plugin with a version ≤ 1.5 is at risk.

Risk and Exploitability

The EPSS score is below 1 %, indicating a low probability of exploitation as of the current data. The flaw is client‑side and can be triggered by tricking a user into visiting a crafted URL or interacting with a manipulated input field. Because it is listed as not in CISA’s KEV catalog, no publicly known exploits have been reported, but the moderate CVSS and potential for XSS warrant prompt attention.

Generated by OpenCVE AI on April 30, 2026 at 06:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Simple Meta Tags plugin to the latest version (1.6 or newer, if available).
  • If an update is not yet released, disable or uninstall the plugin to prevent the XSS vector.
  • As a temporary workaround, ensure that all user input displayed by the plugin is properly sanitized or escaped before rendering.

Generated by OpenCVE AI on April 30, 2026 at 06:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-31262 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags allows DOM-Based XSS. This issue affects Simple Meta Tags: from n/a through 1.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags allows DOM-Based XSS. This issue affects Simple Meta Tags: from n/a through 1.5. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags simple-meta-tags allows DOM-Based XSS.This issue affects Simple Meta Tags: from n/a through <= 1.5.
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Mon, 29 Sep 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Fri, 26 Sep 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 26 Sep 2025 08:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags allows DOM-Based XSS. This issue affects Simple Meta Tags: from n/a through 1.5.
Title WordPress Simple Meta Tags Plugin <= 1.5 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:55.747Z

Reserved: 2025-09-25T15:27:39.208Z

Link: CVE-2025-60142

cve-icon Vulnrichment

Updated: 2025-09-26T13:08:27.795Z

cve-icon NVD

Status : Deferred

Published: 2025-09-26T09:15:42.143

Modified: 2026-04-23T15:34:18.020

Link: CVE-2025-60142

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T06:00:12Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')