CVE-2021-34641

Name of the Vulnerable Software and Affected Versions: SEOPress WordPress plugin versions 5.0.0 through 5.0.3

Description: The issue allows authenticated attackers to inject arbitrary web scripts via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file. This enables Stored Cross-Site-Scripting attacks.

Recommendations: For versions 5.0.0 through 5.0.3, as a temporary workaround, consider disabling the processPut function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.