CVE-2024-4900

June 24, 2024, 12:57 p.m.

Product(s) Impacted

SEOPress WordPress plugin

  • before 7.8

Description

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post

Weaknesses

Date

Published: June 24, 2024, 6:15 a.m.

Last Modified: June 24, 2024, 12:57 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

contact@wpscan.com

References