From WORDFENCE.com 16 August 2021
This entry was posted in Research, Vulnerabilities, WordPress Security on August 16, 2021 by Chloe Chamberland
On July 29, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in SEOPress, a WordPress plugin installed on over 100,000 sites. This flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site, which would execute any time a user accessed the “All Posts” page.
Wordfence Premium users received a firewall rule to protect against any exploits targeting this vulnerability on July 29, 2021. Sites still using the free version of Wordfence will receive the same protection on August 28, 2021.
We initially reached out to the plugin developer on July 29, 2021. After receiving confirmation of an appropriate communication channel the next day, on July 30, 2021, we provided the full disclosure details. The vendor quickly acknowledged the report, and a patch was released on August 4, 2021 in version 5.0.4.
We strongly recommend updating immediately to the latest patched version of SEOPress, version 5.0.4, if you are currently using a vulnerable version of the plugin.
Description: Stored Cross-Site Scripting via REST-API
Affected Plugin: SEOPress
Plugin Slug: wp-seopress
Affected Versions: 5.0.0 – 5.0.3
CVE ID: CVE-2021-34641
CVSS Score: 6.4 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Researcher/s: Chloe Chamberland
Fully Patched Version: 5.0.4
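To check a site on disk against the affected range listed above, the following added example (not code from Wordfence or SEOPress) reads the `Version:` header of the installed plugin and classifies it. It assumes the standard `wp-content/plugins/<slug>` layout; the function names and the constructed sample tree, including the file name `plugin-main.php`, are hypothetical.

```python
import re
import tempfile
from pathlib import Path

SLUG = "wp-seopress"                                 # plugin slug from the advisory
AFFECTED_MIN, AFFECTED_MAX = (5, 0, 0), (5, 0, 3)    # affected range from the advisory
# WordPress plugin headers look like " * Version: 5.0.3" inside a PHP comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)


def parse_version(text):
    """Turn '5.0.3' (or '5.0.3-beta') into (5, 0, 3); None if not numeric."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    return tuple(int(p or 0) for p in m.groups()) if m else None


def installed_version(wp_root):
    """Return the Version: header from the plugin's top-level PHP file, or None."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        # WordPress itself only reads the first 8 KB of a file for headers.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        m = HEADER_RE.search(head)
        if m and "Plugin Name:" in head:
            return m.group(1)
    return None


def assess(wp_root):
    """Classify a WordPress tree against the advisory's affected versions."""
    raw = installed_version(wp_root)
    if raw is None:
        return "not-installed"
    ver = parse_version(raw)
    if ver is None:
        return "unknown"
    return "vulnerable" if AFFECTED_MIN <= ver <= AFFECTED_MAX else "not-affected"


def make_site(version):
    """Constructed sample: a minimal fake WordPress tree with a plugin header."""
    pdir = Path(tempfile.mkdtemp()) / "wp-content" / "plugins" / SLUG
    pdir.mkdir(parents=True)
    (pdir / "plugin-main.php").write_text(
        f"<?php\n/*\nPlugin Name: SEOPress\nVersion: {version}\n*/\n")
    return pdir.parents[2]


if __name__ == "__main__":
    for v in ("4.7.0", "5.0.0", "5.0.3", "5.0.4"):
        print(v, assess(make_site(v)))
```

A result of `vulnerable` means the plugin should be updated to 5.0.4 or later; `unknown` means the header could not be parsed and the version should be confirmed by hand.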
SEOPress is a WordPress plugin designed to optimize the SEO of WordPress sites through many different features, like the ability to add SEO meta-data, breadcrumbs, schemas, and more. One feature the plugin implements is the ability to add an SEO title and description to posts, and this can be done while saving edits to a post or via a newly introduced REST-API endpoint.
Read the rest of the article: XSS Vulnerability Patched in SEOPress Affects 100,000 sites (wordfence.com)