Wp Meta Seo
Monthly
Unauthenticated stored cross-site scripting in the WP Meta SEO WordPress plugin (versions ≤ 4.5.18 by Joomunited) lets remote attackers persist arbitrary JavaScript into the `wp_wpms_links.link_url` database column by sending HTTP requests with a malicious URI to any 404 path. The payload executes in the browser of any administrator who opens the plugin's '404 & Redirects' admin page, enabling session hijacking or actions taken with the administrator's privileges. No public exploit identified at time of analysis; no KEV listing.
Server-Side Request Forgery in the WP Meta SEO WordPress plugin (all versions through 4.5.18) enables authenticated contributors to coerce the web server into issuing arbitrary outbound HTTP requests via the `new_link` parameter, with the response status code reflected back through the AJAX JSON response as `status_code`. This status-code oracle allows methodical enumeration of internal network hosts and cloud metadata services (e.g., AWS IMDSv1 at 169.254.169.254), making it particularly dangerous in cloud-hosted WordPress deployments. No public exploit identified at time of analysis, though the vulnerability is confirmed by Wordfence with direct source code references and the technique is well-understood.
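Both entries above come down to two missing controls: the 404-logging path stores and later renders the request URI without output escaping, and the link checker fetches a user-supplied URL and echoes the upstream status code. The block below is an added defensive example, not code from WP Meta SEO or Joomunited. It is written in Python rather than the plugin's PHP so that it runs stand-alone; the function names (`is_safe_outbound_url`, `check_link`, `render_404_rows`), the `sample_resolver` table and the row data are all constructed for illustration. It shows an egress check that resolves the hostname and rejects any non-public address (loopback, RFC 1918, link-local including 169.254.169.254), a link checker that returns a generic rejection instead of a reachability oracle, and a renderer that escapes stored URIs before they reach an admin page.

```python
"""Added defensive example (not WP Meta SEO's code): egress URL validation
for a server-side link check, and output escaping for stored 404 URIs."""
import html
import ipaddress
import socket
from urllib.parse import urlparse


def _system_resolver(host, port):
    """Default resolver: system DNS via getaddrinfo, returned as IP strings."""
    return [info[4][0] for info in socket.getaddrinfo(host, port)]


# Constructed lookup table so the example runs offline; hypothetical hosts.
SAMPLE_HOSTS = {
    "example.com": ["93.184.216.34"],
    "intranet.local": ["10.0.0.5"],
    # A name that resolves to one public and one loopback address: the
    # check must fail closed, because any single private answer is unsafe.
    "rebind.test": ["93.184.216.34", "127.0.0.1"],
}


def sample_resolver(host, port):
    """Offline stand-in for DNS: IP literals resolve to themselves,
    names come from SAMPLE_HOSTS, unknown names resolve to nothing."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return SAMPLE_HOSTS.get(host, [])


def is_safe_outbound_url(url, resolver=_system_resolver):
    """True only for http(s) URLs without credentials whose host resolves
    exclusively to globally routable addresses."""
    try:
        parts = urlparse(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if parts.username or parts.password:
        return False
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    try:
        addresses = resolver(parts.hostname, port)
    except (OSError, UnicodeError):
        return False
    if not addresses:
        return False
    for text in addresses:
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return False
        # is_global is False for loopback, RFC 1918, link-local
        # (169.254.0.0/16 covers the cloud metadata address), CGNAT, etc.
        if not addr.is_global:
            return False
    return True


def check_link(url, fetcher, resolver=_system_resolver):
    """Link check that contacts only hosts passing is_safe_outbound_url.
    Rejected URLs get a uniform error with no status code, so the JSON
    response cannot be used to probe internal hosts. `fetcher` is injected
    (hypothetical) and returns the upstream HTTP status code."""
    if not is_safe_outbound_url(url, resolver):
        return {"status": "rejected", "reason": "url not allowed"}
    return {"status": "ok", "status_code": fetcher(url)}


def render_404_rows(rows):
    """Render stored 404 URIs for an admin table. Every stored value is
    HTML-escaped at output time, so a logged URI cannot become markup."""
    cells = []
    for row in rows:
        url = html.escape(str(row["link_url"]), quote=True)
        cells.append(f"<tr><td>{url}</td><td>{int(row['hits'])}</td></tr>")
    return "<table>" + "".join(cells) + "</table>"


if __name__ == "__main__":
    # Constructed inputs: a metadata-service URL and a logged 404 URI that
    # carries markup. Neither reaches the network or the page unescaped.
    print(check_link("http://169.254.169.254/latest/meta-data/",
                     fetcher=lambda u: 200, resolver=sample_resolver))
    print(check_link("https://example.com/", fetcher=lambda u: 200,
                     resolver=sample_resolver))
    print(render_404_rows([{"link_url": "/x<script>alert(1)</script>", "hits": 3}]))
```

Resolving and then fetching in two steps leaves a DNS-rebinding window; in a production checker, connect to the address that passed validation rather than letting the HTTP client resolve the name a second time, and keep the rejection message identical for every disallowed URL so that timing and wording do not leak what was blocked.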