CVE-2021-25019

CVE-2021-25019: SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting

Vendor Unknown

Product SEO Plugin by Squirrly SEO

Weakness CWE-79 · XSS

Published March 21, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

March 21, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25019 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-12501 Simple Locator <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-53287 WordPress Quick Favicon plugin <= 0.22.8 - Cross Site Scripting (XSS) Vulnerability CVE-2023-53928 PHPFusion 9.10.30 Stored Cross-Site Scripting via File Manager Upload CVE-2024-52809 Cross-site Scripting vulnerability with prototype pollution in vue-i18n CVE-2025-11162 Spectra <= 2.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom CSS