cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10515,https://securityvulnerability.io/vulnerability/CVE-2024-10515,Stored XSS Vulnerability in Squirrly SEO Plugin Could Lead to Account Takeover,"A vulnerability has been identified in the Squirrly SEO WordPress Plugin that permits the embedding of malicious scripts, resulting in stored cross-site scripting (XSS) attacks. This flaw can be exploited by attackers to gain unauthorized access to user accounts, effectively creating a backdoor into the affected environments. Prior to version 12.3.21, editors could unintentionally introduce harmful scripts, exposing systems to significant security risks.",Wordpress,Seo Plugin By Squirrly Seo,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-11-20T06:00:05.036Z,0
CVE-2024-6497,https://securityvulnerability.io/vulnerability/CVE-2024-6497,Stored Cross-Site Scripting Vulnerability in Squirrly SEO Plugin for WordPress,"The Squirrly SEO Plugin for WordPress is compromised by a Stored Cross-Site Scripting (XSS) vulnerability arising from inadequate input sanitization processes for the ‘url’ parameter. This flaw enables authenticated users with Contributor-level access and higher to execute arbitrary scripts on targeted pages. When these pages are accessed by other users, the injected scripts can run without their consent, potentially exposing sensitive data or performing unintended actions. The vulnerability affects all versions prior to and including version 12.3.19, thereby underlining the critical need for timely updates to mitigate exploitation risks.",Wordpress,Seo Plugin By Squirrly Seo,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-20T08:38:23.965Z,0
CVE-2024-0597,https://securityvulnerability.io/vulnerability/CVE-2024-0597,Squirrly SEO Plugin Vulnerable to Stored Cross-Site Scripting,"The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,SEO Plugin by Squirrly SEO,4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:55.121Z,0
CVE-2022-38140,https://securityvulnerability.io/vulnerability/CVE-2022-38140,WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.10 is vulnerable to Arbitrary File Upload,Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress.,Wordpress,Seo Plugin By Squirrly Seo (WordPress Plugin),7.6,HIGH,0.0009500000160187483,false,,false,false,false,,false,false,2022-11-28T19:55:02.240Z,0
CVE-2021-25019,https://securityvulnerability.io/vulnerability/CVE-2021-25019,SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting,"The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting",Wordpress,Seo Plugin By Squirrly Seo,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-03-21T18:55:39.000Z,0