PT-2022-14013 · WordPress · Simple Seo

Jörgson · Published 2022-09-06 · Updated 2022-09-09 · CVE-2022-1628

CVSS v3.1: 6.4 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Simple SEO plugin for WordPress, versions up to and including 1.7.91

Description

The plugin is affected by attribute-based stored Cross-Site Scripting due to insufficient sanitization or escaping of the SEO social and standard title parameters. Authenticated users with Contributor and above permissions can exploit this to inject arbitrary web scripts into posts/pages; the scripts execute whenever an administrator accesses the page.

Recommendations

For Simple SEO plugin for WordPress versions up to and including 1.7.91, update to a version that properly sanitizes or escapes the SEO social and standard title parameters to prevent Cross-Site Scripting. As a temporary workaround, consider restricting access to the SEO social and standard title parameters for users with Contributor and above permissions until a patch is available.
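
The output escaping the recommendation calls for, as an added PHP example (not the plugin's code and not part of the advisory). It assumes the stored title is written into a `<meta>` attribute value; the function names and the sample title are constructed for illustration.

```php
<?php
// Added illustration; not the Simple SEO plugin's source.
// Assumption: the stored SEO title is echoed into a <meta> attribute value.

// Hypothetical "before": the stored value reaches the attribute unchanged.
function render_og_title_unescaped(string $title): string
{
    return '<meta property="og:title" content="' . $title . '" />';
}

// Hardened: encode for the HTML attribute context at output time.
// Inside WordPress the equivalent call is esc_attr($title).
function render_og_title_escaped(string $title): string
{
    $safe = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<meta property="og:title" content="' . $safe . '" />';
}

// Parse the rendered tag and return the attribute names a browser would see.
function meta_attributes(string $html): array
{
    libxml_use_internal_errors(true); // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML('<html><head>' . $html . '</head><body></body></html>');
    $names = [];
    foreach ($doc->getElementsByTagName('meta') as $meta) {
        foreach ($meta->attributes as $attr) {
            $names[] = $attr->name;
        }
    }
    return $names;
}

// Regression check: any attribute beyond the two the template emits
// means the stored value broke out of content="...".
function unexpected_attributes(string $html): array
{
    return array_values(array_diff(meta_attributes($html), ['property', 'content']));
}

// Constructed sample: a title containing a double quote and a harmless marker attribute.
$title = 'My post" data-injected="1';

foreach (['unescaped' => render_og_title_unescaped($title),
          'escaped'   => render_og_title_escaped($title)] as $label => $html) {
    $extra = unexpected_attributes($html);
    printf("%-9s %s\n          extra attributes: %s\n", $label, $html,
        $extra ? implode(', ', $extra) : 'none');
}
```

The same `unexpected_attributes()` check can be run in a plugin's test suite against rendered pages to confirm that title fields stay inside their attribute after an update.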

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-1628

Affected Products

Simple Seo