XSS Bug in SEOPress WordPress Plugin Allows Site Takeover.


The SEOPress WordPress plugin contains a stored crosssite scripting (XSS) vulnerability that might allow attackers to insert arbitrary web programmes into websites.

When a user entered the ‘All Posts’ page, these web scripts would run. Crosssite scripting flaws like this one can lead to a range of malicious behaviours, including the establishment of new administrative accounts, webshell injection, arbitrary redirects, and more. An attacker might simply exploit this flaw to take control of a WordPress site.

Read More…