Search Results | AttackerKB

Show filters

Topics 4 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

4 Total Results

Displaying 1-4 of 4

Attacker Value

Unknown

CVE-2023-45269

Disclosure Date: October 13, 2023 (last updated November 15, 2023)

Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-36404

Disclosure Date: October 20, 2022 (last updated February 24, 2025)

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2022-44627

Disclosure Date: October 20, 2022 (last updated February 24, 2025)

Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-1628

Disclosure Date: September 06, 2022 (last updated February 24, 2025)

The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.

Attack Vector: Network Privileges: Low User Interaction: Required

0