CVE-2022-0701

CVE-2022-0701: SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting

Vendor Unknown
Product Seo 301 Meta
Weakness CWE-79 · XSS
Published March 14, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

March 14, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-9384 Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting CVE-2022-1527 WP 2FA < 2.2.1 - Reflected Cross-Site Scripting CVE-2024-2211 Cross-Site Scripting vulnerability in Gophish Admin Panel CVE-2024-37428 WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability CVE-2021-24274 Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)