SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting
CVE-2021-25019

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Seo Plugin By Squirrly Seo
Vendor
CVE Published:
21 March 2022

Summary

The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

Affected Version(s)

SEO Plugin by Squirrly SEO 11.1.12

References

https://wpscan.com/vulnerability/cea0ce4b-886a-47cc-8653-...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Krzysztof Zając
.