WordPress Plugin Vulnerabilities

SEO by Squirrly SEO < 12.1.21 - Reflected Cross-Site Scripting

Description

The plugin does not sanitize and escape the "page" and "tab" URL parameters, leading to a Reflected Cross-Site Scripting vulnerability.

Affects Plugins

Plugin icon
squirrly-seo
Fixed in 12.1.21

References

CVE
CVE-2022-45065
URL
https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-squirrly-seo-peaks-plugin-12-1-20-reflected-cross-site-scripting-xss-vulnerability

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
104cb437-d1ef-4296-8bcc-448f45a4f365

Timeline

Publicly Published
2023-03-17 (about 3 years ago)
Added
2023-05-08 (about 2 years ago)
Last Updated
2023-05-08 (about 2 years ago)

Other

Published
Title
Published
2023-07-05
Title
WP Reroute Email < 1.5.0 - Unauthenticated Stored Cross-Site Scripting
Published
2024-11-25
Title
Elementor Website Builder < 3.25.8 - Contributor+ Stored XSS
Published
2024-12-06
Title
Easy Replace <= 1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2024-12-11
Title
Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.24 - Admin+ Stored XSS
Published
2024-04-23
Title
UDesign < 4.13.6 - Reflected Cross-Site Scripting