CVE-2023-6290

The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:seopress:seopress:*:*:*:*:*:wordpress:*:*

History

26 Jan 2024, 19:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8
References () https://wpscan.com/vulnerability/78a13958-cd12-4ea8-b326-1e3184da970b/ - () https://wpscan.com/vulnerability/78a13958-cd12-4ea8-b326-1e3184da970b/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:seopress:seopress:*:*:*:*:*:wordpress:*:*
First Time Seopress
Seopress seopress
CWE CWE-79

22 Jan 2024, 20:28

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-22 20:15

Updated : 2024-08-29 20:35


NVD link : CVE-2023-6290

Mitre link : CVE-2023-6290

CVE.ORG link : CVE-2023-6290


JSON object : View

Products Affected

seopress

  • seopress
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')