Vulnerability in the WordPress SEOPress Plugin

Last Updated: 7 months ago by BrodNeil

Wordfence, a WordPress security software company, revealed details about a vulnerability in SEOPress, a prominent WordPress SEO software. Wordfence informed the publishers of SEOPress about the vulnerability before making the disclosure, and the publishers quickly corrected the problem and provided a patch.

Wordfence, as a CNA (CVE Numbering Authority), rated the SEOPress vulnerability as medium severity, with a score of 6.4 on a scale of 1 to 10.

Key takeaways:

  • The problem with SEOPress is that any authenticated user, even one with only subscriber credentials, can change the title and description of any post.
  • Attack vectors for cross-site scripting (XSS) vulnerabilities are frequently found in areas where users can enter data.
  • Under the given circumstances, an attacker might “easily” take over a vulnerable website, according to Wordfence.
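
The two takeaways above (a login-only check and user-supplied text reaching the page) map to two defensive controls, shown here as an added example that is not SEOPress's code or its patch. It assumes a hypothetical plugin that exposes the update through a REST route; the namespace, route, meta keys and function names are all made up for illustration.

```php
<?php
// Added illustration for a hypothetical plugin. The 'example-seo/v1' namespace,
// the route, the '_example_seo_*' meta keys and the function names are assumptions.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/posts/(?P<id>\d+)/title-description', array(
        'methods'             => 'PUT',
        'callback'            => 'example_seo_update_meta',
        // Weak form: 'permission_callback' => 'is_user_logged_in'
        // only proves the caller has an account, so a subscriber passes for any post.
        'permission_callback' => 'example_seo_can_edit',
        'args'                => array(
            // Strip tags and control characters before the values are stored.
            'title'       => array( 'type' => 'string', 'sanitize_callback' => 'sanitize_text_field' ),
            'description' => array( 'type' => 'string', 'sanitize_callback' => 'sanitize_textarea_field' ),
        ),
    ) );
} );

// Authorization is decided per post, not per login state.
function example_seo_can_edit( WP_REST_Request $request ) {
    $post_id = (int) $request['id'];
    if ( ! get_post( $post_id ) ) {
        return new WP_Error( 'example_seo_not_found', 'Post not found.', array( 'status' => 404 ) );
    }
    return current_user_can( 'edit_post', $post_id );
}

function example_seo_update_meta( WP_REST_Request $request ) {
    $post_id = (int) $request['id'];
    foreach ( array( 'title', 'description' ) as $field ) {
        $value = $request->get_param( $field ); // already sanitized by the 'args' schema
        if ( null !== $value ) {
            update_post_meta( $post_id, '_example_seo_' . $field, $value );
        }
    }
    return rest_ensure_response( array( 'updated' => $post_id ) );
}

// Escape again at output time, so a value stored before the fix cannot break out of the attribute.
add_action( 'wp_head', function () {
    if ( ! is_singular() ) {
        return;
    }
    $description = get_post_meta( get_the_ID(), '_example_seo_description', true );
    if ( '' !== $description ) {
        printf( "<meta name=\"description\" content=\"%s\" />\n", esc_attr( $description ) );
    }
} );
```

With the per-post capability check in place, a subscriber's request is rejected by WordPress before the callback runs, while editors and the post's author are unaffected.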

Read more: https://www.searchenginejournal.com/seopress-vulnerability/416610/
