Skip to main content

Seo Plugin By Squirrly Seo

9 CVEs product

Monthly

CVE-2026-52714 MEDIUM This Month

Broken access control in SEO Plugin by Squirrly SEO version 12.4.16 and earlier allows unauthenticated remote attackers to perform unauthorized privileged actions, resulting in high integrity impact against affected WordPress installations. The flaw stems from missing authorization checks (CWE-862), permitting requests to restricted functionality without any credential validation. No public exploit code or active CISA KEV listing has been identified at time of analysis, though the CVSS high-complexity rating suggests exploitation requires meeting specific conditions beyond a simple direct request.

Authentication Bypass Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-1768 MEDIUM PATCH This Month

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Seo Plugin By Squirrly Seo PHP
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-10515 LOW POC Monitor

In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seo Plugin By Squirrly Seo
NVD WPScan
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-43286 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly SEO Plugin by Squirrly SEO.3.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6497 HIGH POC PATCH THREAT Act Now

Stored Cross-Site Scripting in the SEO Plugin by Squirrly SEO for WordPress (versions up to and including 12.3.19) allows Contributor-level authenticated users to inject arbitrary JavaScript via the 'url' parameter, executing in browsers of any user who views the affected page. Publicly available exploit code exists and EPSS scores this in the 96th percentile (22.89%) for likelihood of exploitation, though it is not currently listed in CISA KEV. Note that the assigned CWE-89 (SQL Injection) appears inconsistent with the description, which clearly describes Stored XSS (CWE-79).

SQLi XSS WordPress Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
8.8
EPSS
22.9%
CVE-2024-29790 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.3.16. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-44626 MEDIUM This Month

Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.1.20. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0597 MEDIUM PATCH This Month

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Seo Plugin By Squirrly Seo
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-38140 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
8.8
EPSS
0.7%
EPSS 0% CVSS 5.9
MEDIUM This Month

Broken access control in SEO Plugin by Squirrly SEO version 12.4.16 and earlier allows unauthenticated remote attackers to perform unauthorized privileged actions, resulting in high integrity impact against affected WordPress installations. The flaw stems from missing authorization checks (CWE-862), permitting requests to restricted functionality without any credential validation. No public exploit code or active CISA KEV listing has been identified at time of analysis, though the CVSS high-complexity rating suggests exploitation requires meeting specific conditions beyond a simple direct request.

Authentication Bypass Seo Plugin By Squirrly Seo
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Seo Plugin By Squirrly Seo +1
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seo Plugin By Squirrly Seo
NVD WPScan
EPSS 1% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly SEO Plugin by Squirrly SEO.3.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Seo Plugin By Squirrly Seo
NVD
EPSS 23% CVSS 8.8
HIGH POC PATCH THREAT Act Now

Stored Cross-Site Scripting in the SEO Plugin by Squirrly SEO for WordPress (versions up to and including 12.3.19) allows Contributor-level authenticated users to inject arbitrary JavaScript via the 'url' parameter, executing in browsers of any user who views the affected page. Publicly available exploit code exists and EPSS scores this in the 96th percentile (22.89%) for likelihood of exploitation, though it is not currently listed in CISA KEV. Note that the assigned CWE-89 (SQL Injection) appears inconsistent with the description, which clearly describes Stored XSS (CWE-79).

SQLi XSS WordPress +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.3.16. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Seo Plugin By Squirrly Seo
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.1.20. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Seo Plugin By Squirrly Seo
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Seo Plugin By Squirrly Seo
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Seo Plugin By Squirrly Seo
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy