PT-2024-16333 · Squirrly · Squirrly Seo Wordpress Plugin

Dmitry Ignatyev

Published

2024-11-20

Updated

2025-03-31

CVE-2024-10515

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Squirrly SEO WordPress plugin versions prior to 12.3.21

Description A vulnerability was found in the SEO Plugin by Squirrly SEO that allows for Stored XSS on behalf of the editor by embedding malicious script. This can lead to account takeover backdoor.

Recommendations For versions prior to 12.3.21, update to version 12.3.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the editor role to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-10515

Affected Products

Squirrly Seo Wordpress Plugin

PT-2024-16333 · Squirrly · Squirrly Seo Wordpress Plugin

CVE-2024-10515

Weakness Enumeration

Related Identifiers

Affected Products

References · 7