Reflected Cross-Site Scripting Vulnerability in SEO Keywords Plugin for WordPress
CVE-2024-12126

6.1MEDIUM

Key Information:

Vendor
Wordpress
Vendor
CVE Published:
7 January 2025

Summary

The SEO Keywords plugin for WordPress suffers from a reflected cross-site scripting vulnerability due to inadequate input sanitization and output escaping. By exploiting the ‘google_error’ parameter, unauthenticated attackers can insert arbitrary web scripts into webpages. This threat becomes critical when users are tricked into performing specific actions, like clicking on malicious links. Site administrators are advised to update the plugin to mitigate potential risks.

Affected Version(s)

SEO Keywords * <= 1.1.3

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.