Reflected Cross-Site Scripting Vulnerability in SEO Keywords Plugin for WordPress
CVE-2024-12126
6.1MEDIUM
Summary
The SEO Keywords plugin for WordPress suffers from a reflected cross-site scripting vulnerability due to inadequate input sanitization and output escaping. By exploiting the ‘google_error’ parameter, unauthenticated attackers can insert arbitrary web scripts into webpages. This threat becomes critical when users are tricked into performing specific actions, like clicking on malicious links. Site administrators are advised to update the plugin to mitigate potential risks.
Affected Version(s)
SEO Keywords * <= 1.1.3
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dale Mavers