Search Atlas Seo
Monthly
Reflected cross-site scripting in the Search Atlas SEO WordPress plugin (versions 2.6.6 and earlier, distributed under the 'metasync' slug) lets an unauthenticated attacker inject script that executes in a victim's browser session when they follow a crafted link. Rated CVSS 7.1 with an elevated score due to a scope change, the flaw affects any WordPress site running the vulnerable plugin and can lead to session hijacking, admin action forgery, or redirection. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Reflected cross-site scripting in the Search Atlas SEO WordPress plugin (versions 2.6.6 and earlier, distributed under the 'metasync' slug) lets an unauthenticated attacker inject script that executes in a victim's browser session when they follow a crafted link. Rated CVSS 7.1 with an elevated score due to a scope change, the flaw affects any WordPress site running the vulnerable plugin and can lead to session hijacking, admin action forgery, or redirection. No public exploit identified at time of analysis, and it is not listed in CISA KEV.