Irobots Txt Seo
Monthly
Reflected cross-site scripting in the iRobots.txt SEO WordPress plugin (versions 1.1.2 and earlier) allows remote unauthenticated attackers to inject malicious JavaScript that executes in a victim's browser when they interact with a crafted link. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 7.1 driven by a scope change, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV. Exploitation requires user interaction, which limits mass-scale weaponization but makes it viable for targeted phishing against WordPress administrators.
Reflected cross-site scripting in the iRobots.txt SEO WordPress plugin (versions 1.1.2 and earlier) allows remote unauthenticated attackers to inject malicious JavaScript that executes in a victim's browser when they interact with a crafted link. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 7.1 driven by a scope change, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV. Exploitation requires user interaction, which limits mass-scale weaponization but makes it viable for targeted phishing against WordPress administrators.