Cross-site Scripting Vulnerability in NotFound SEO Tools
CVE-2025-30984

7.1HIGH

Key Information:

Vendor: Notfound
Status: Seo Tools
Vendor: CVE Published:; 15 April 2025

What is CVE-2025-30984?

A Cross-site Scripting (XSS) vulnerability has been identified in NotFound SEO Tools, allowing attackers to inject malicious scripts into web pages. This issue can lead to unauthorized data access and manipulation, compromising user security. Affected versions include all up to and including 4.0.7, presenting a significant risk for those utilizing this plugin. It is crucial for users to update their software and implement security best practices to mitigate potential threats.

Affected Version(s)

SEO Tools <= 4.0.7

References

https://patchstack.com/database/wordpress/plugin/seo-auto...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)