WordPress Plugin Vulnerabilities

Simple SEO < 1.7.92 - Contributor+ Stored Cross-Site Scripting

Description

The plugin does not properly sanitise and escape the SEO social and standard title parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

Affects Plugins

Plugin icon
cds-simple-seo
Fixed in 1.7.92

References

CVE
CVE-2022-1628

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Jorgson
Verified
No
WPVDB ID
4ac2e009-ba52-47a3-8e4e-d9397e4d3f7c

Timeline

Publicly Published
2022-07-29 (about 3 years ago)
Added
2022-07-30 (about 3 years ago)
Last Updated
2023-04-28 (about 3 years ago)

Other

Published
Title
Published
2025-04-03
Title
Wptobe-signinup <= 1.1.2 - Reflected Cross-Site Scripting
Published
2024-10-23
Title
PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip < 2.3.42 - Reflected Cross-Site Scripting
Published
2024-04-23
Title
UDesign < 4.13.6 - Reflected Cross-Site Scripting
Published
2025-12-31
Title
Post Video Players <= 1.163 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2024-06-03
Title
Tracking Code Manager < 2.3.0- Admin+ Stored Cross-Site Scripting