Reflected XSS Vulnerability in Simplistic SEO
CVE-2024-51719

7.1HIGH

Key Information:

Vendor: WordPress
Status: Simplistic Seo
Vendor: CVE Published:; 9 November 2024

Summary

The vulnerability allows an attacker to exploit improper neutralization of input during web page generation, leading to Reflected Cross-Site Scripting (XSS) in the Simplistic SEO plugin. This issue enables malicious users to inject arbitrary web scripts into the pages viewed by users, potentially compromising sensitive information or performing actions on behalf of legitimate users. It primarily affects versions prior to 2.3.0, necessitating immediate attention from users of this plugin to mitigate the inherent risks.

Affected Version(s)

Simplistic SEO <= 2.3.0

References

https://patchstack.com/database/vulnerability/simplistic-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Oct 30, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)