Search criteria
3 vulnerabilities found for smart_seo_tool by wbolt
FKIE_CVE-2021-24976
Vulnerability from fkie_nvd - Published: 2022-01-24 08:15 - Updated: 2024-11-21 05:54
Severity ?
Summary
The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://plugins.trac.wordpress.org/changeset/2637305 | Patch, Third Party Advisory | |
| contact@wpscan.com | https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://plugins.trac.wordpress.org/changeset/2637305 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wbolt | smart_seo_tool | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wbolt:smart_seo_tool:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "09590A89-293B-434D-A106-2DE0A565C304",
"versionEndExcluding": "3.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"
},
{
"lang": "es",
"value": "El plugin Smart SEO Tool de WordPress versiones anteriores a 3.0.6, no sanea y escapa del par\u00e1metro search antes de devolverlo en un atributo cuando la configuraci\u00f3n de optimizaci\u00f3n TDK est\u00e1 habilitada, conllevando a un ataque de tipo Cross-Site Scripting Reflejado"
}
],
"id": "CVE-2021-24976",
"lastModified": "2024-11-21T05:54:07.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-24T08:15:09.043",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
},
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
CVE-2021-24976 (GCVE-0-2021-24976)
Vulnerability from cvelistv5 – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:49
VLAI?
Title
Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting
Summary
The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Smart SEO Tool – SEO优化插件 |
Affected:
3.0.6 , < 3.0.6
(custom)
|
Credits
lnsmile
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart SEO Tool \u2013 SEO\u4f18\u5316\u63d2\u4ef6",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.6",
"status": "affected",
"version": "3.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "lnsmile"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:02",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Smart SEO Tool \u003c 3.0.6 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24976",
"STATE": "PUBLIC",
"TITLE": "Smart SEO Tool \u003c 3.0.6 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart SEO Tool \u2013 SEO\u4f18\u5316\u63d2\u4ef6",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.6",
"version_value": "3.0.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "lnsmile"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2637305",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24976",
"datePublished": "2022-01-24T08:01:02",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24976 (GCVE-0-2021-24976)
Vulnerability from nvd – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:49
VLAI?
Title
Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting
Summary
The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Smart SEO Tool – SEO优化插件 |
Affected:
3.0.6 , < 3.0.6
(custom)
|
Credits
lnsmile
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart SEO Tool \u2013 SEO\u4f18\u5316\u63d2\u4ef6",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.6",
"status": "affected",
"version": "3.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "lnsmile"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:02",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Smart SEO Tool \u003c 3.0.6 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24976",
"STATE": "PUBLIC",
"TITLE": "Smart SEO Tool \u003c 3.0.6 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart SEO Tool \u2013 SEO\u4f18\u5316\u63d2\u4ef6",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.6",
"version_value": "3.0.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "lnsmile"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2637305",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2637305"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24976",
"datePublished": "2022-01-24T08:01:02",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}