CVE-2022-1628

The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.
Configurations

Configuration 1 (hide)

cpe:2.3:a:coleds:simple_seo:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2022-09-06 18:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-1628

Mitre link : CVE-2022-1628

CVE.ORG link : CVE-2022-1628


JSON object : View

Products Affected

coleds

  • simple_seo
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')