WordPress
CVE-2024-13853
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
AnalysisAI
The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin [CVSS 6.1 MEDIUM]
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects SEO Tools WordPre. The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected ProductsAI
Product: SEO Tools WordPre. Versions: up to 4.0.7.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More from same product – last 7 days
The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that i
Remote code execution in UpdraftPlus: WP Backup & Migration Plugin for WordPress (versions ≤1.26.4) allows unauthenticat
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline
Remote code execution in Edgar Rojas WooCommerce PDF Invoice Builder WordPress plugin (versions through 2.0.8) allows un
Share
External POC / Exploit Code
Leaving vuln.today