Vulnerability Details CVE-2022-1628
The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.4%
CVSS Severity
CVSS v3 Score 6.4
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754807%40cds-simple-seo&new=2754807%40cds-simple-seo&sfp_email=&sfph_mail=
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1628
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754807%40cds-simple-seo&new=2754807%40cds-simple-seo&sfp_email=&sfph_mail=
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1628
Products affected by CVE-2022-1628
-
cpe:2.3:a:coleds:simple_seo:-
-
cpe:2.3:a:coleds:simple_seo:1.1.0
-
cpe:2.3:a:coleds:simple_seo:1.2.0
-
cpe:2.3:a:coleds:simple_seo:1.2.1
-
cpe:2.3:a:coleds:simple_seo:1.2.2
-
cpe:2.3:a:coleds:simple_seo:1.2.3
-
cpe:2.3:a:coleds:simple_seo:1.3.0
-
cpe:2.3:a:coleds:simple_seo:1.3.1
-
cpe:2.3:a:coleds:simple_seo:1.3.2
-
cpe:2.3:a:coleds:simple_seo:1.3.3
-
cpe:2.3:a:coleds:simple_seo:1.3.4
-
cpe:2.3:a:coleds:simple_seo:1.4.0
-
cpe:2.3:a:coleds:simple_seo:1.4.1
-
cpe:2.3:a:coleds:simple_seo:1.4.2
-
cpe:2.3:a:coleds:simple_seo:1.4.3
-
cpe:2.3:a:coleds:simple_seo:1.4.4
-
cpe:2.3:a:coleds:simple_seo:1.4.5
-
cpe:2.3:a:coleds:simple_seo:1.4.6
-
cpe:2.3:a:coleds:simple_seo:1.4.8
-
cpe:2.3:a:coleds:simple_seo:1.4.9
-
cpe:2.3:a:coleds:simple_seo:1.5
-
cpe:2.3:a:coleds:simple_seo:1.5.1
-
cpe:2.3:a:coleds:simple_seo:1.5.2
-
cpe:2.3:a:coleds:simple_seo:1.5.3
-
cpe:2.3:a:coleds:simple_seo:1.5.6
-
cpe:2.3:a:coleds:simple_seo:1.6
-
cpe:2.3:a:coleds:simple_seo:1.6.1
-
cpe:2.3:a:coleds:simple_seo:1.6.2
-
cpe:2.3:a:coleds:simple_seo:1.6.4
-
cpe:2.3:a:coleds:simple_seo:1.6.5
-
cpe:2.3:a:coleds:simple_seo:1.6.6
-
cpe:2.3:a:coleds:simple_seo:1.6.7
-
cpe:2.3:a:coleds:simple_seo:1.6.8
-
cpe:2.3:a:coleds:simple_seo:1.6.9
-
cpe:2.3:a:coleds:simple_seo:1.7
-
cpe:2.3:a:coleds:simple_seo:1.7.1
-
cpe:2.3:a:coleds:simple_seo:1.7.2
-
cpe:2.3:a:coleds:simple_seo:1.7.3
-
cpe:2.3:a:coleds:simple_seo:1.7.4
-
cpe:2.3:a:coleds:simple_seo:1.7.5
-
cpe:2.3:a:coleds:simple_seo:1.7.7
-
cpe:2.3:a:coleds:simple_seo:1.7.8
-
cpe:2.3:a:coleds:simple_seo:1.7.9
-
cpe:2.3:a:coleds:simple_seo:1.7.91