← volver
CVE-2025-10357

Simple SEO < 2.0.32 - Contributor+ Stored XSS

CVSS 6.1 MEDIUMEPSS 0.2%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 oct 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Unknown · Simple SEO