CVE-2024-2165

Name of the Vulnerable Software and Affected Versions SEOPress – On-site SEO plugin for WordPress versions up to, and including, 7.5.2.1

Description The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with author access or higher to inject arbitrary web scripts via the image alt parameter. This enables the execution of injected scripts whenever a user accesses an affected page.

Recommendations For versions up to, and including, 7.5.2.1, update to a version higher than 7.5.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the image alt parameter to minimize the risk of exploitation.