PT-2023-17427 · WordPress · Prepost Seo

Taurus Omar · Published 2023-07-10 · Updated 2023-07-31 · CVE-2023-2029

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PrePost SEO WordPress plugin versions through 3.0

Description

The issue arises from the plugin's failure to properly sanitize some of its settings. This could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks, even in scenarios where the unfiltered_html capability is disallowed, such as in multisite setups.

Recommendations

For versions through 3.0, consider updating to a version that properly sanitizes settings to prevent Stored Cross-Site Scripting (XSS) attacks. As a temporary workaround, restrict the use of the plugin's settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
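
For reference when reviewing or patching a plugin with this class of flaw, the following added example (not PrePost SEO's code and not from the advisory) shows settings that are sanitized on save with respect to the unfiltered_html capability and escaped on output. The option name `example_seo_options`, the group `example_seo_group` and the fields `site_label` and `header_snippet` are hypothetical.

```php
<?php
/**
 * Added example: hardened handling of plugin settings in WordPress.
 * All option, group and field names here are hypothetical placeholders,
 * not the real keys used by PrePost SEO.
 */

// Sanitize on save: WordPress runs this callback on every write of the option.
function example_seo_sanitize_options( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = array();

    // Plain-text field: strip tags, control characters and extra whitespace.
    $clean['site_label'] = isset( $input['site_label'] )
        ? sanitize_text_field( $input['site_label'] )
        : '';

    // Markup field: only users holding unfiltered_html may store raw HTML.
    // On multisite, site administrators lack it and get KSES filtering.
    $snippet = isset( $input['header_snippet'] ) ? (string) $input['header_snippet'] : '';
    $clean['header_snippet'] = current_user_can( 'unfiltered_html' )
        ? $snippet
        : wp_kses_post( $snippet );

    return $clean;
}

add_action( 'admin_init', function () {
    register_setting( 'example_seo_group', 'example_seo_options', array(
        'type'              => 'array',
        'sanitize_callback' => 'example_seo_sanitize_options',
        'default'           => array(),
    ) );
} );

// Escape on output: the settings form re-displays stored values to admins.
function example_seo_render_fields() {
    $opts    = get_option( 'example_seo_options', array() );
    $label   = isset( $opts['site_label'] ) ? $opts['site_label'] : '';
    $snippet = isset( $opts['header_snippet'] ) ? $opts['header_snippet'] : '';

    // Unsafe pattern, for contrast: echo '<input value="' . $label . '">';
    printf(
        '<input type="text" name="example_seo_options[site_label]" value="%s" />',
        esc_attr( $label )
    );
    printf(
        '<textarea name="example_seo_options[header_snippet]">%s</textarea>',
        esc_textarea( $snippet )
    );
}
```

Escaping at render time also neutralizes values that were stored before the sanitize callback was in place.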

Related Identifiers

CVE-2023-2029

Affected Products

Prepost Seo