PT-2024-33319 · WordPress · Seopress
Dmitry Ignatyev · Published 2024-06-24 · Updated 2024-12-04 · CVE-2024-4900
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SEOPress WordPress plugin versions prior to 7.8
Description
The SEOPress WordPress plugin lacks validation and escaping in one of its Post settings. This could allow users with the contributor role or higher to perform open redirect attacks against any user viewing a malicious post.
Recommendations
For versions prior to 7.8, update to version 7.8 or later to resolve the issue.
Exploit
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Seopress