CVE-2024-9225
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9225 identifies a reflected cross-site scripting vulnerability in the SEOPress On-site SEO plugin for WordPress, affecting all versions up to and including 8.1.1. This vulnerability arises from the improper use of add_query_arg and remove_query_arg without adequate escaping, allowing unauthenticated attackers to inject malicious scripts if users are tricked into clicking on compromised links. The potential impact includes low-level integrity and confidentiality risks, with an exploitability score of 2.8 indicating a medium severity threat that requires user interaction to exploit. Organizations are advised to update the plugin to a patched version to mitigate this risk effectively. The vulnerability falls under CWE-79, which pertains to improper input neutralization during web page generation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.