Skip to main content

Search Atlas Seo

1 CVEs product

Monthly

CVE-2026-57357 HIGH This Week

Reflected cross-site scripting in the Search Atlas SEO WordPress plugin (versions 2.6.6 and earlier, distributed under the 'metasync' slug) lets an unauthenticated attacker inject script that executes in a victim's browser session when they follow a crafted link. Rated CVSS 7.1 with an elevated score due to a scope change, the flaw affects any WordPress site running the vulnerable plugin and can lead to session hijacking, admin action forgery, or redirection. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

XSS Search Atlas Seo
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the Search Atlas SEO WordPress plugin (versions 2.6.6 and earlier, distributed under the 'metasync' slug) lets an unauthenticated attacker inject script that executes in a victim's browser session when they follow a crafted link. Rated CVSS 7.1 with an elevated score due to a scope change, the flaw affects any WordPress site running the vulnerable plugin and can lead to session hijacking, admin action forgery, or redirection. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

XSS Search Atlas Seo
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy