Lucene search
Fuzzyap1WPVDB-ID:68882F81-12D3-4E98-82FF-6754AC4CCFA1HistoryFeb 21, 2022 - 12:00 a.m.
SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting
2022-02-2100:00:00
fuzzyap1
wpscan.com
7
seo 301 meta
stored cross-site scripting
admin2830
request settings
destination settings
cross-site scripting attacks
unfiltered_html capability
poc
software
EPSS
0.001
Percentile
24.8%
The plugin does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
PoC
Put the following payload in the Request or Destination settings of the plugin: " style=animation-name:rotation onanimationstart=alert(/XSS/)//
Related
cvelist
cvelist
CVE-2022-0701 SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting
2022-03-14 14:41:49
prion
prion
Cross site scripting
2022-03-14 15:15:00
patchstack
patchstack
cve
cve
CVE-2022-0701
2022-03-14 15:15:10
wpexploit
wpexploit
SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting
2022-02-21 00:00:00
cnvd
cnvd
WordPress SEO 301 Meta plugin cross-site scripting vulnerability
2022-03-16 00:00:00
nvd
nvd
CVE-2022-0701
2022-03-14 15:15:10