Seopanel Seo Panel vulnerabilities
22 known vulnerabilities affecting seopanel/seo_panel.
Total CVEs
22
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM17
Vulnerabilities
Page 1 of 2
CVE-2021-28419P3HIGHCVSS 7.2PoCv4.8.02021-03-18
CVE-2021-28419 [HIGH] CWE-89 CVE-2021-28419: The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL in
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
nvd
CVE-2021-3002P3MEDIUMCVSS 6.1PoCv4.8.02021-01-01
CVE-2021-3002 [MEDIUM] CWE-79 CVE-2021-3002: Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
nvd
CVE-2017-10839P3HIGHCVSS 8.8≤ 3.10.02017-08-29
CVE-2017-10839 [HIGH] CWE-89 CVE-2017-10839: SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers
SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2021-28417P4MEDIUMCVSS 4.8PoCv4.8.02021-03-18
CVE-2021-28417 [MEDIUM] CWE-79 CVE-2021-28417: A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript v
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.
nvd
CVE-2021-28418P4MEDIUMCVSS 4.8PoCv4.8.02021-03-18
CVE-2021-28418 [MEDIUM] CWE-79 CVE-2021-28418: A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript v
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.
nvd
CVE-2021-28420P4MEDIUMCVSS 4.8PoCv4.8.02021-03-18
CVE-2021-28420 [MEDIUM] CWE-79 CVE-2021-28420: A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript v
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.
nvd
CVE-2021-34117P3HIGHCVSS 7.5v4.9.02023-02-15
CVE-2021-34117 [HIGH] CWE-89 CVE-2021-34117: SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the us
SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.
nvd
CVE-2025-29452P3HIGHCVSS 7.6v4.11.02025-04-17
CVE-2025-29452 [HIGH] CWE-918 CVE-2025-29452: An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component.
nvd
CVE-2025-29451P3HIGHCVSS 7.6v4.11.02025-04-17
CVE-2025-29451 [HIGH] CWE-918 CVE-2025-29451: An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail S
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.
nvd
CVE-2024-22643P4MEDIUMCVSS 6.5v4.10.02024-01-30
CVE-2024-22643 [MEDIUM] CWE-352 CVE-2024-22643: A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attacker
A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.
nvd
CVE-2024-22646P4MEDIUMCVSS 5.3v4.10.02024-01-30
CVE-2024-22646 [MEDIUM] CWE-209 CVE-2024-22646: An email address enumeration vulnerability exists in the password reset function of SEO Panel versio
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.
nvd
CVE-2024-22648P4MEDIUMCVSS 5.3v4.10.02024-01-30
CVE-2024-22648 [MEDIUM] CWE-918 CVE-2024-22648: A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment.
nvd
CVE-2024-22647P4MEDIUMCVSS 5.3v4.10.02024-01-30
CVE-2024-22647 [MEDIUM] CWE-203 CVE-2024-22647: An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authe
An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.
nvd
CVE-2020-35930P4MEDIUMCVSS 5.4v4.8.02020-12-31
CVE-2020-35930 [MEDIUM] CWE-79 CVE-2020-35930: Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by
Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.
nvd
CVE-2021-39413P4MEDIUMCVSS 6.1v4.8.02021-11-05
CVE-2021-39413 [MEDIUM] CWE-79 CVE-2021-39413: Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time pa
Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b)
nvd
CVE-2017-10838P4MEDIUMCVSS 6.1≤ 3.10.02017-08-29
CVE-2017-10838 [MEDIUM] CWE-79 CVE-2017-10838: Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject
Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2021-29009P4MEDIUMCVSS 4.8v4.8.02021-03-25
CVE-2021-29009 [MEDIUM] CWE-79 CVE-2021-29009: A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript v
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter.
nvd
CVE-2018-14384P4MEDIUMCVSS 4.8≤ 3.13.02020-03-02
CVE-2018-14384 [MEDIUM] CWE-79 CVE-2018-14384: The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Script
The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter.
nvd
CVE-2014-1855P4MEDIUMCVSS 4.3≤ 3.4.0v3.3.12014-05-20
CVE-2014-1855 [MEDIUM] CWE-79 CVE-2014-1855: Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php.
nvd
CVE-2021-29010P4MEDIUMCVSS 4.8v4.8.02021-03-25
CVE-2021-29010 [MEDIUM] CWE-79 CVE-2021-29010: A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript v
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter.
nvd
1 / 2Next →