Vulnerability Description
The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coleds | Simple Seo | <= 1.7.91 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatchThird Party Advisory
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1628Third Party Advisory
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatchThird Party Advisory
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1628Third Party Advisory
FAQ
What is CVE-2022-1628?
CVE-2022-1628 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social...
How severe is CVE-2022-1628?
CVE-2022-1628 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1628?
Check the references section above for vendor advisories and patch information. Affected products include: Coleds Simple Seo.