Cross-site Scripting Vulnerability in WP Social SEO Booster by Daniel
CVE-2025-27348

6.5MEDIUM

Key Information:

Vendor: Daniel
Status: WP Social Seo Booster – Knowledge Graph Social Signals Seo
Vendor: CVE Published:; 24 February 2025

Summary

The WP Social SEO Booster by Daniel is prone to a Cross-site Scripting vulnerability due to improper input neutralization during web page generation. This flaw allows attackers to exploit the application, potentially leading to stored XSS attacks. Affected users could face malicious script execution, which may compromise user data and site integrity. The vulnerability impacts versions up to 1.2.0, emphasizing the need for users to review their installations and apply necessary updates.

Affected Version(s)

WP Social SEO Booster – Knowledge Graph Social Signals SEO <= 1.2.0

References

https://patchstack.com/database/wordpress/plugin/wp-socia...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)