Search criteria
2 vulnerabilities found for Smart SEO Tool – SEO优化插件 by Unknown
CVE-2021-24976 (GCVE-0-2021-24976)
Vulnerability from cvelistv5 – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:49
VLAI?
Title
Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting
Summary
The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Smart SEO Tool – SEO优化插件 |
Affected:
3.0.6 , < 3.0.6
(custom)
|
Credits
lnsmile
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart SEO Tool \u2013 SEO\u4f18\u5316\u63d2\u4ef6",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.6",
"status": "affected",
"version": "3.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "lnsmile"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:02",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Smart SEO Tool \u003c 3.0.6 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24976",
"STATE": "PUBLIC",
"TITLE": "Smart SEO Tool \u003c 3.0.6 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart SEO Tool \u2013 SEO\u4f18\u5316\u63d2\u4ef6",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.6",
"version_value": "3.0.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "lnsmile"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2637305",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24976",
"datePublished": "2022-01-24T08:01:02",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24976 (GCVE-0-2021-24976)
Vulnerability from nvd – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:49
VLAI?
Title
Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting
Summary
The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Smart SEO Tool – SEO优化插件 |
Affected:
3.0.6 , < 3.0.6
(custom)
|
Credits
lnsmile
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart SEO Tool \u2013 SEO\u4f18\u5316\u63d2\u4ef6",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.6",
"status": "affected",
"version": "3.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "lnsmile"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:02",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Smart SEO Tool \u003c 3.0.6 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24976",
"STATE": "PUBLIC",
"TITLE": "Smart SEO Tool \u003c 3.0.6 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart SEO Tool \u2013 SEO\u4f18\u5316\u63d2\u4ef6",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.6",
"version_value": "3.0.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "lnsmile"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2637305",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24976",
"datePublished": "2022-01-24T08:01:02",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}