Unknown Seopress vulnerabilities
5 known vulnerabilities affecting unknown/seopress.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2024-5488 [CRITICAL] CVSS 9.8, CWE-502, PoC, fixed in 7.9, 2024-07-09
The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present.
cvelistv5, nvd
CVE-2024-4900 [MEDIUM] CVSS 6.1, CWE-601, fixed in 7.8, 2024-06-24
The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow users with the contributor role and above to perform open redirect attacks against any user viewing a malicious post.
cvelistv5, nvd
CVE-2024-4899 [MEDIUM] CVSS 5.0, CWE-79, fixed in 7.8, 2024-06-24
The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high-privilege users such as contributors to perform stored cross-site scripting attacks.
cvelistv5, nvd
CVE-2023-6290 [MEDIUM] CVSS 4.8, CWE-79, fixed in 7.3, 2024-01-22
The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform cross-site scripting attacks even when unfiltered_html is disallowed.
cvelistv5, nvd
CVE-2023-1669 [HIGH] CVSS 7.2, CWE-502, fixed in 6.5.0.3, 2023-05-02
The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
cvelistv5, nvd