CVE-2024-0597
Published 2024-02-05
Priority P418 · medium · 4.8 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.50% (38.9th percentile)
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cifi | seo_plugin_by_squirrly_seo | <= 12.3.15 | — |
| squirrly | seo_plugin_by_squirrly_seo | <= 12.3.15 | — |
VulDB
Squirrly SEO Plugin up to 12.3.15 on WordPress Setting cross site scripting (ID 3023398)
vuldb·2026-04-11·CVSS 4.4
CVE-2024-0597 [MEDIUM] Squirrly SEO Plugin up to 12.3.15 on WordPress Setting cross site scripting (ID 3023398)
A vulnerability was found in Squirrly SEO Plugin up to 12.3.15 on WordPress. It has been rated as problematic. The affected element is an unknown function of the component Setting Handler. Performing a manipulation results in cross site scripting.
This vulnerability is reported as CVE-2024-0597. The attack is possible to be carried out remotely. No exploit exists.
GHSA
GHSA-pgjx-2qxc-c47q: The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and includin
ghsa_unreviewed·2024-02-06
CVE-2024-0597 [MEDIUM] CWE-79 GHSA-pgjx-2qxc-c47q: The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and includin
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://advisory.abay.sh/cve-2024-0597
https://plugins.trac.wordpress.org/changeset/3023398/
https://www.wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve
2024-02-05: Published