cbcvebase.

Squirrly Seo Plugin By Squirrly Seo vulnerabilities

13 known vulnerabilities affecting squirrly/seo_plugin_by_squirrly_seo.

Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH5MEDIUM7LOW1

Vulnerabilities

Page 1 of 1
CVE-2022-44626P2MEDIUMCVSS 6.3Exploitedfixed in 12.1.21≥ n/a, ≤ 12.1.202024-03-25
CVE-2022-44626 [MEDIUM] CWE-862 CVE-2022-44626: Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Pl Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.
nvd
CVE-2025-22783P3HIGHCVSS 8.8≤ 12.4.032025-03-27
CVE-2025-22783 [HIGH] CWE-89 CVE-2025-22783: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03.
nvd
CVE-2024-43286P3HIGHCVSS 8.8fixed in 12.3.202024-08-18
CVE-2024-43286 [HIGH] CWE-89 CVE-2024-43286: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.19.
nvd
CVE-2025-24654P3HIGHCVSS 8.8fixed in 12.4.082025-03-03
CVE-2025-24654 [HIGH] CWE-862 CVE-2025-24654: Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo.This iss Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.07.
nvd
CVE-2022-38140P3HIGHCVSS 8.8≤ 12.1.10≥ n/a, ≤ 12.1.102022-11-28
CVE-2022-38140 [HIGH] CWE-434 CVE-2022-38140: Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPr Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress.
nvd
CVE-2025-1768P3MEDIUMCVSS 6.5fixed in 12.4.062025-03-07
CVE-2025-1768 [MEDIUM] CWE-89 CVE-2025-1768: The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'se The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-le
nvd
CVE-2023-50854P3HIGHCVSS 7.2≤ 2.3.82023-12-28
CVE-2023-50854 [HIGH] CWE-89 CVE-2023-50854: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a before 2.4.02.
nvd
CVE-2024-6497P3MEDIUMCVSS 6.1fixed in 12.3.202024-07-20
CVE-2024-6497 [MEDIUM] CVE-2024-6497: The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages
nvd
CVE-2024-29790P4MEDIUMCVSS 6.1fixed in 12.3.17≥ n/a, ≤ 12.3.162024-03-27
CVE-2024-29790 [MEDIUM] CWE-79 CVE-2024-29790: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.
nvd
CVE-2021-25019P4MEDIUMCVSS 6.1fixed in 11.1.122022-03-21
CVE-2021-25019 [MEDIUM] CWE-79 CVE-2021-25019: The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter be The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
nvd
CVE-2022-45065P4MEDIUMCVSS 6.1≤ 12.1.20≥ n/a, ≤ 12.1.202023-05-08
CVE-2022-45065 [MEDIUM] CWE-79 CVE-2022-45065: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO pl Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions.
nvd
CVE-2024-0597P4MEDIUMCVSS 4.8≤ 12.3.152024-02-05
CVE-2024-0597 [MEDIUM] CWE-79 CVE-2024-0597: The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in
nvd
CVE-2024-10515P4LOWCVSS 3.5fixed in 12.3.212024-11-20
CVE-2024-10515 [LOW] CWE-79 CVE-2024-10515: In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerab In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
nvd
Squirrly Seo Plugin By Squirrly Seo vulnerabilities | cvebase