Wordfence, a WordPress security software company, revealed details about a vulnerability in SEOPress, a prominent piece of WordPress SEO software. Wordfence informed the publishers of SEOPress about the vulnerability before making the disclosure. The publishers quickly corrected the problem and provided a patch.
Wordfence assigned the SEOPress vulnerability a CNA (CVE Numbering Authority) rating of medium severity, with a score of 6.4 on a scale of 1 to 10.
- The problem with SEOPress is that any authenticated user, even if they only have subscriber credentials, can change the title and description of any post.
- Attack vectors for Cross Site Scripting (XSS) vulnerabilities are frequently found in areas where users can enter data.
- Under the given circumstances, an attacker might “easily” take over a vulnerable website, according to Wordfence.
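
The two conditions listed above (a write operation open to any logged-in account, and user-supplied text that can carry script) map to two separate controls in WordPress code: a per-post capability check and sanitizing and escaping of the stored value. The following is an added example, not SEOPress's code and not taken from the Wordfence report; it assumes the operation is exposed as a REST route, and the `example-seo/v1` namespace, the `example_seo_*` functions and the `_example_seo_*` meta keys are hypothetical.

```php
<?php
// Constructed example plugin file; every example_seo_* name and meta key is hypothetical.

// Weak check: true for every logged-in account, subscribers included.
function example_seo_weak_permission() {
    return is_user_logged_in();
}

// Object-level check: the caller must be allowed to edit this specific post.
function example_seo_can_edit( WP_REST_Request $request ) {
    return current_user_can( 'edit_post', absint( $request['id'] ) );
}

function example_seo_update_meta( WP_REST_Request $request ) {
    $post_id = absint( $request['id'] );
    // Both values have already passed through the sanitize_callback declared below.
    update_post_meta( $post_id, '_example_seo_title', wp_slash( $request['title'] ) );
    update_post_meta( $post_id, '_example_seo_desc', wp_slash( $request['description'] ) );
    return rest_ensure_response( array( 'updated' => $post_id ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/posts/(?P<id>\d+)/meta', array(
        'methods'             => 'PUT',
        // Wiring example_seo_weak_permission here would let a subscriber edit any post.
        'permission_callback' => 'example_seo_can_edit',
        'callback'            => 'example_seo_update_meta',
        'args'                => array(
            'title'       => array( 'type' => 'string', 'required' => true, 'sanitize_callback' => 'sanitize_text_field' ),
            'description' => array( 'type' => 'string', 'required' => true, 'sanitize_callback' => 'sanitize_text_field' ),
        ),
    ) );
} );

// Escape on output as well, so a value stored before the check existed cannot inject markup.
add_action( 'wp_head', function () {
    if ( ! is_singular() ) {
        return;
    }
    $desc = get_post_meta( get_queried_object_id(), '_example_seo_desc', true );
    if ( '' !== $desc ) {
        printf( '<meta name="description" content="%s" />' . "\n", esc_attr( $desc ) );
    }
} );
```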