WordPress Plugin Vulnerabilities

Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting

Proof of Concept

With the "TDK optimization" setting enabled (7th page, first one): https://example.com/?s=123456"><sCrIpT>alert(/XSS/)</ScRiPt>

Affects Plugins

Plugin icon
smart-seo-tool
Fixed in 3.0.6

References

CVE
CVE-2021-24976
URL
https://plugins.trac.wordpress.org/changeset/2637305

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
lnsmile
Submitter
lnsmile
Verified
Yes
WPVDB ID
7d5f58a8-bee4-46be-9c08-d272678338f0

Timeline

Publicly Published
2021-12-22 (about 2 years ago)
Added
2021-12-22 (about 2 years ago)
Last Updated
2022-04-16 (about 2 years ago)

Other

Published
Title
Published
2023-01-20
Title
WPFrom Email < 1.8.9 - Admin+ Stored XSS
Published
2014-08-01
Title
Shoutbox - Unspecified XSS
Published
2011-10-24
Title
Cover WP < 1.6.6 - XSS
Published
2024-05-09
Title
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.20 - Contributor+ Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table'
Published
2017-04-24
Title
Answer My Question 1.3 - Cross-Site Scripting (XSS)