WordPress · Seopress · CVE-2024-4899
**Name of the Vulnerable Software and Affected Versions**
SEOPress WordPress plugin versions prior to 7.8
**Description**
The issue concerns the SEOPress WordPress plugin, where certain Post settings are not properly sanitized and escaped, potentially allowing high-privilege users, such as contributors, to perform Stored Cross-Site Scripting attacks.
**Recommendations**
For versions prior to 7.8, update to version 7.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the Post settings for high-privilege users until the update is applied.