Threat Entry Updated 2025-10-14

CVE-2025-10357 - Simple Seo Plugin

The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

PLUGIN Simple Seo

CVE-2025-10357

MEDIUM CVSS 6.1 2025-10-14

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-44627 - Simple Seo Plugin

Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin

PLUGIN Simple Seo

CVE-2022-44627

MEDIUM CVSS 5.4 2022-11-03

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-1628 - Simple Seo Plugin

The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.

PLUGIN Simple Seo

CVE-2022-1628

MEDIUM CVSS 6.4 2022-09-06

Risk Score

Open Full Technical Breakdown