Security News > 2021 > August > XSS Bug in SEOPress WordPress Plugin Allows Site Takeover

XSS Bug in SEOPress WordPress Plugin Allows Site Takeover
2021-08-16 18:22

A stored cross-site scripting vulnerability in the SEOPress WordPress plugin could allow attackers to inject arbitrary web scripts into websites, researchers said.

In July six critical flaws were disclosed that affected the WordPress plugin Front File Manager versions 17.1 and 18.2, active on more than 2,000 websites.

Earlier in the year, in March, The Plus Addons for Elementor plugin for WordPress was discovered to contain a critical security vulnerability that attackers can exploit to quickly, easily and remotely take over a website.

In February, an unpatched, stored XSS security bug was found to potentially affect 50,000 Contact Form 7 Style plugin users.

In January, researchers warned of two vulnerabilities in a WordPress plugin called Orbit Fox that could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.

A plugin called PopUp Builder, used by WordPress websites for building pop-up ads for newsletter subscriptions, was found to have a vulnerability that could be exploited by attackers to send out newsletters with custom content or to delete or import newsletter subscribers.


News URL

https://threatpost.com/xss-bug-seopress-wordpress-plugin/168702/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157
Plugin 2 0 13 1 0 14
Seopress 1 0 4 3 0 7