XSS Bug in SEOPress WordPress Plugin Allows Site Takeover
2021-08-16 18:22

A stored cross-site scripting vulnerability in the SEOPress WordPress plugin could allow attackers to inject arbitrary web scripts into websites, researchers said.

In July, six critical flaws were disclosed that affected the WordPress plugin Front File Manager versions 17.1 and 18.2, active on more than 2,000 websites.

Earlier in the year, in March, The Plus Addons for Elementor plugin for WordPress was discovered to contain a critical security vulnerability that attackers can exploit to quickly, easily and remotely take over a website.

In February, an unpatched, stored XSS security bug was found to potentially affect 50,000 Contact Form 7 Style plugin users.

In January, researchers warned of two vulnerabilities in a WordPress plugin called Orbit Fox that could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.

A plugin called PopUp Builder, used by WordPress websites for building pop-up ads for newsletter subscriptions, was found to have a vulnerability that could be exploited by attackers to send out newsletters with custom content or to delete or import newsletter subscribers.


News URL

https://threatpost.com/xss-bug-seopress-wordpress-plugin/168702/

Related vendor

LAST 12M

VENDOR      #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Wordpress   7            2     95       44     18         159
Plugin      2            0     13       1      0          14
Seopress    1            0     4        3      0          7