PT-2024-37671 · Squirrly · Squirrly Seo Plugin

Bart +1 · Published 2024-07-20 · Updated 2025-04-05 · CVE-2024-6497

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The SEO Plugin by Squirrly SEO plugin for WordPress, versions up to and including 12.3.19

Description

The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers with Contributor-level access and above to inject arbitrary web scripts into pages. This can be achieved via the url parameter. The injected scripts will execute whenever a user accesses an injected page.

Recommendations

For versions up to and including 12.3.19, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the url parameter in affected pages to minimize the risk of arbitrary script injection.

Exploit

Fix

XSS

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-6497

Affected Products

Squirrly Seo Plugin