Every CVE whose affected-product data names Seopress, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2024-5488 — CVSS 9.8 (critical): The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object…
CVE-2023-1669 — CVSS 7.2 (high): The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such…
CVE-2021-34641 — CVSS 6.4 (medium): The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleD…
CVE-2024-1134 — CVSS 6.4 (medium): The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters…
CVE-2024-1168 — CVSS 6.4 (medium): The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all…
CVE-2024-2165 — CVSS 6.4 (medium): The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions…
CVE-2024-9225 — CVSS 6.1 (medium): The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg &…
CVE-2024-4900 — CVSS 6.1 (medium): The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above…
CVE-2024-50456 — CVSS 5.4 (medium): Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security…
CVE-2024-4899 — CVSS 5.0 (medium): The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users…
CVE-2023-6290 — CVSS 4.8 (medium): The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2024-50455 — CVSS 4.3 (medium): Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security…