SiteSEO%20%E2%80%93%20SEO%20Simplified Details

SiteSEO – SEO Simplified

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2025-9277

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-Not Assigned

Published-26 Aug, 2025 | 22:26

Updated-26 Aug, 2025 | 23:15

SiteSEO – SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-softaculous

Product-SiteSEO – SEO Simplified

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')