Wordfence, a WordPress security software company, published details about a vulnerability in the popular WordPress SEO plugin SEOPress. Before making the announcement, Wordfence communicated the details of the vulnerability to the publishers of SEOPress, who promptly fixed the issue and published a patch.
According to Wordfence:
“This flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site which would execute anytime a user accessed the “All Posts” page.”
The United States government's National Vulnerability Database lists the rating that Wordfence provided as CNA (CVE Numbering Authority) for the SEOPress vulnerability: a medium severity level and a score of 6.4 on a scale of 1 to 10.
The weakness enumeration is categorized as:
“Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)”
The vulnerability affects SEOPress versions 5.0.0 – 5.0.3.