Show filters
10 Total Results
Displaying 1-10 of 10
Sort by:
Attacker Value
Unknown

CVE-2024-10515

Disclosure Date: November 20, 2024 (last updated November 20, 2024)
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
0
0
Attacker Value
Unknown

CVE-2024-43286

Disclosure Date: August 18, 2024 (last updated August 19, 2024)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.19.
0
0
Attacker Value
Unknown

CVE-2024-6497

Disclosure Date: July 20, 2024 (last updated January 05, 2025)
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
0
Attacker Value
Unknown

CVE-2024-29790

Disclosure Date: March 27, 2024 (last updated January 05, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.
0
0
Attacker Value
Unknown

CVE-2022-44626

Disclosure Date: March 25, 2024 (last updated April 02, 2024)
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.
0
0
Attacker Value
Unknown

CVE-2024-0597

Disclosure Date: February 05, 2024 (last updated February 14, 2024)
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-50854

Disclosure Date: December 28, 2023 (last updated January 06, 2024)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a through 2.3.8.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-45065

Disclosure Date: May 08, 2023 (last updated October 08, 2023)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-38140

Disclosure Date: November 28, 2022 (last updated November 08, 2023)
Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-25019

Disclosure Date: March 21, 2022 (last updated February 23, 2025)
The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0