CVE-2024-1168

Published June 20th, 2024

View on NVD ↗

CVSS v3

6.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

SEOPress – AI SEO Plugin & On-site SEO

<h3>SEOPress – The fast, privacy-first WordPress SEO plugin, ready for AI search</h3> Rank higher in Google AND in AI answer engines (ChatGPT, Claude, Perplexity, Gemini). SEOPress is the all-in-one WordPress SEO plugin trusted by 350,000+ websites since 2017: fully white label, privacy by design, and now AI-ready. <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/4ysKFVr_nu0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> ✔ One SEO plugin, every page builder: Universal SEO metabox for Gutenberg, Elementor, Divi, Bricks, Oxygen, Breakdance, WPBakery, Avada, Kadence and more. <a href="https://www.seopress.org/features/page-builders-integration/" rel="nofollow ugc">See all integrations</a>. ✔ AI-powered metadata: Generate SEO titles, meta descriptions, Open Graph, X (Twitter) Cards and image alt text in bulk with OpenAI, Google Gemini, Anthropic Claude, MistralAI or DeepSeek. <a href="https://www.seopress.org/features/openai/" rel="nofollow ugc">Learn more</a>. ✔ Built for AI search (AEO / GEO): Native llms.txt support and one-click Agent Readiness toggle so ChatGPT, Claude, Perplexity & Gemini understand your content. ✔ Privacy-first & fully white label: No tracking, no data footprint, no upsells in admin. Your data stays yours. <a href="https://www.seopress.org/features/seopress-white-label/" rel="nofollow ugc">Why white label matters</a>. ✔ Content analysis with unlimited target keywords: No artificial limit per post. ✔ Migrate in one click: From Yoast SEO, Rank Math, AIOSEO, The SEO Framework, Slim SEO, SmartCrawl, Squirrly, SEO Ultimate, WP Meta SEO, Premium SEO Pack, SiteSEO. <a href="https://www.seopress.org/solutions/migrate-from/" rel="nofollow ugc">Start migration</a>. ✔ Translated into 27+ languages with professional translations. <a href="https://translate.wordpress.org/projects/wp-plugins/wp-seopress" rel="nofollow ugc">Help translate</a>. <a href="https://www.seopress.org/pricing/" rel="nofollow ugc">SEOPress PRO from $49/year: 1 site • Unlimited sites for $149/year</a> <a href="https://www.seopress.org/features/" rel="nofollow ugc">Features</a> | <a href="https://www.seopress.org/solutions/migrate-from/" rel="nofollow ugc">Migrate</a> | <a href="https://www.seopress.org/wordpress-seo-plugins/pro/" rel="nofollow ugc">PRO</a> | <a href="https://www.seopress.org/integrations/" rel="nofollow ugc">Integrations</a> | <a href="https://www.seopress.org/support/" rel="nofollow ugc">Support</a> | <a href="https://www.seopress.org/features/seopress-white-label/" rel="nofollow ugc">White Label</a> | <a href="https://www.seopress.org/features/openai/" rel="nofollow ugc">AI</a> <h3>What’s new in SEOPress 9.9</h3> A major UX release: redesigned SEO dashboard, smarter SEO box, sharper Content Analysis and a fully accessible admin. <ul> <li>🧭 Brand new SEO dashboard & admin header: Cleaner two-column layout, one-click module toggles, guided “Get Started” with numbered steps, and quick access to Help, Display options and notifications (with counter badge) on every SEO page.</li> <li>🪄 Setup wizard, fully redesigned: Faster, mobile-friendly, and easier to follow from start to finish.</li> <li>⚡ Smarter SEO box: Double-click target keywords to edit in place, Google keyword suggestions with autocomplete as you type, and a single “Update” in the Block Editor now saves every section at once (Title, Description, Advanced, Social, Redirections, Content Analysis).</li> <li>📝 Content Analysis: New content quality & structure checks to help you write better articles, plus the ability to hide an issue you don’t want to fix on a given page.</li> <li>🔄 One-click migration from SureRank and a full migration from SmartCrawl (variables in your titles & descriptions are automatically translated).</li> <li>🛠️ Tools redesigned: Reset page with confirmation prompts so nothing happens by accident, and Import / Export with a cleaner layout, “export everything” by default, and a Cancel button on CSV exports.</li> <li>👁️ Appearance › Columns: Live preview of your post lists with grouped checkboxes — see what you’ll get before you save.</li> <li>♿ Big accessibility upgrade across the whole SEO admin (WCAG 2.1 AA / RGAA 4.1 compliant), and the admin now matches your WordPress color scheme automatically.</li> <li>📊 Site Overview on the dashboard (PRO): Your Google Analytics 4 and Matomo stats directly on the SEO dashboard, with period & metric filters, an interactive chart, and a sync button.</li> <li>🎬 Video schema auto-filled (PRO): Populated from the first YouTube video found in your post — no manual copy-paste.</li> <li>↪️ Redirections (PRO): Quick Edit, search results that stay when you go back, search by destination URL, and a dedicated 404 view with a “Delete 404s” shortcut.</li> <li>🩺 Site Audit (PRO): Detects the new content quality & structure issues.</li> <li>🌍 Better Search Console URL matching (PRO) for multilingual sites (WPML / Polylang).</li> </ul> <a href="https://www.seopress.org/newsroom/product-news/seopress-9-9/" rel="nofollow ugc">Read the full 9.9 release notes →</a> <h3>Why SEOPress is the best WordPress SEO plugin?</h3> <ul> <li>All-in-one: Schemas, redirections, XML sitemaps, GSC, image SEO, breadcrumbs, broken links and more in one plugin. Fewer plugins, fewer conflicts, lower maintenance.</li> <li>Modular: Don’t need a feature? Disable it in one click without losing your settings.</li> <li>Affordable: PRO from $49/year for 1 site. Unlimited sites for $149/year. No “agency” tax.</li> <li>White label by default: Replace plugin name, logo, links and screens. Perfect for agencies and freelancers.</li> <li>GDPR-friendly: Privacy by design. Built-in compatibility with consent platforms.</li> <li>Beginner to expert: Installation wizard for newcomers, hundreds of hooks, REST API and WP-CLI for developers. Free <a href="https://www.seopress.org/support/" rel="nofollow ugc">guides</a> and <a href="https://www.seopress.org/support/ebooks/" rel="nofollow ugc">SEO ebooks</a>.</li> <li>Battle-tested: 350,000+ active installs, weekly releases, dedicated team since 2017.</li> </ul> <h3>SEOPress Free Features</h3> <ul> <li>Installation wizard: Get configured in minutes.</li> <li>Universal SEO metabox: Edit titles, descriptions, Open Graph, X Cards, schema, robots and canonical from any editor (Gutenberg, Elementor, Divi, Bricks, Oxygen, Breakdance, WPBakery, Avada, Kadence…).</li> <li>Command palette (Cmd/Ctrl+K): Jump to any setting instantly.</li> <li>Content analysis with **unlimited target keywords** to write content that ranks.</li> <li>Mobile & Desktop Google preview: See your SERP snippet before you publish.</li> <li>Facebook & X (Twitter) social preview for higher CTR on social.</li> <li>Titles & meta descriptions with <a href="https://www.seopress.org/support/guides/manage-titles-meta-descriptions/" rel="nofollow ugc">dynamic variables</a> (custom fields, terms, taxonomies).</li> <li>Open Graph & X (Twitter) Cards for Facebook, LinkedIn, Instagram, Pinterest, WhatsApp, Threads…</li> <li>Google Knowledge Graph: Organization data with address & legal fields (new in 9.8).</li> <li>llms.txt & Agent Readiness: Help AI search engines understand your site (new in 9.8).</li> <li>Google Analytics 4 & Matomo: Downloads tracking, custom dimensions, IP anonymization, remarketing, demographics, cross-domain tracking, GDPR-friendly.</li> <li>Microsoft Clarity integration: Free heatmaps and session recordings.</li> <li>Custom canonical URLs and <a href="https://www.seopress.org/support/guides/manage-meta-robots/" rel="nofollow ugc">meta robots</a> (noindex, nofollow, noimageindex, nosnippet).</li> <li>XML sitemaps (posts, pages, CPTs, taxonomies, images, authors): <a href="https://www.seopress.org/features/sitemaps/" rel="nofollow ugc">faster than ever</a> in 9.8.</li> <li>HTML sitemap for accessibility & navigation.</li> <li>Image XML sitemap for Google Images.</li> <li>Redirections at the post / page / CPT level.</li> <li>URL clean-up: Remove /category/, /product-category/, ?replytocom; redirect attachment pages to parent or file URL.</li> <li><a href="https://www.seopress.org/features/image-seo/" rel="nofollow ugc">Image SEO</a>: Auto-set image title, alt, caption and description.</li> <li><a href="https://www.seopress.org/support/guides/google-indexing-api-with-seopress/" rel="nofollow ugc">Google Indexing API & IndexNow</a> (Bing/Yandex) for instant indexing.</li> <li>Import/export settings from site to site.</li> <li>One-click migration from Yoast, Rank Math, AIOSEO, SEO Framework, SureRank, Slim SEO, SmartCrawl, Squirrly, SEO Ultimate, WP Meta SEO, Premium SEO Pack, SiteSEO.</li> </ul> <a href="https://www.seopress.org/wordpress-seo-plugins/free/features/" rel="nofollow ugc">Check out all SEOPress Free features here</a> <h3>SEOPress PRO: Take SEO further</h3> <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/zxGCY-bJYwE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <ul> <li><a href="https://www.seopress.org/features/openai/" rel="nofollow ugc">AI SEO</a>: Auto-generate titles, descriptions, OG / X tags and image alt text in bulk with OpenAI, Google Gemini (incl. **Gemini 3 Flash & 3.1 Pro**), Anthropic Claude, MistralAI, DeepSeek.</li> <li><a href="https://www.seopress.org/features/site-audit/" rel="nofollow ugc">Site Audit</a>: Full React + DataViews experience with **GSC-backed recommendations**, scan history, live progress, one-click AI alt text fixes, CSV export.</li> <li><a href="https://www.seopress.org/features/seo-alerts/" rel="nofollow ugc">SEO alerts</a>: Be warned before SEO regressions hit production.</li> <li><a href="https://www.seopress.org/features/google-search-console/" rel="nofollow ugc">Google Search Console</a>: Clicks, impressions, CTR, average position right inside post lists.</li> <li><a href="https://www.seopress.org/features/google-suggest/" rel="nofollow ugc">Google Suggestions</a> in content analysis for long-tail keyword discovery.</li> <li><a href="https://www.seopress.org/features/301-redirects/" rel="nofollow ugc">Redirect manager</a>: Unlimited 301/302/307/410/451 redirects, regex, URL tester modal, categories, CSV/htaccess import & export.</li> <li>404 monitoring & auto-redirect with email notifications.</li> <li>Broken link checker: Reliable CRON-based batch scan, even on the largest sites.</li> <li><a href="https://www.seopress.org/features/google-structured-data-types/" rel="nofollow ugc">Schema.org / JSON-LD editor</a> with **live preview**: Article, LocalBusiness, Service, How-to, FAQ, Course, Recipe, SoftwareApplication, Video, Event, Product, JobPosting, Review, ProfilePage, Custom schema.</li> <li>Automatic schemas with advanced conditions (AND/OR, post types, taxonomies).</li> <li><a href="https://www.seopress.org/features/breadcrumbs/" rel="nofollow ugc">Accessible breadcrumbs</a>: Schema.org, A11Y-ready, live preview, custom per CPT/term.</li> <li><a href="https://www.seopress.org/features/local-seo/" rel="nofollow ugc">Local SEO</a>: Local Business schema with opening hours, multiple stores.</li> <li><a href="https://www.seopress.org/features/woocommerce-seo/" rel="nofollow ugc">WooCommerce SEO</a>: Product schema with global identifiers (GTIN, MPN, brand), Enhanced Ecommerce, OG price/currency, noindex on cart/checkout/account.</li> <li>Easy Digital Downloads integration.</li> <li>Internal linking suggestions.</li> <li><a href="https://www.seopress.org/features/sitemaps/" rel="nofollow ugc">Video XML Sitemap</a> with automatic YouTube discovery + **Google News sitemap**.</li> <li><a href="https://www.seopress.org/features/google-analytics/" rel="nofollow ugc">Google Analytics dashboard</a>: Metrics inside WordPress, no context switching.</li> <li>PageSpeed Insights & Core Web Vitals reports.</li> <li><a href="https://www.seopress.org/features/htaccess-robots-txt/" rel="nofollow ugc">robots.txt & .htaccess editor</a>: Multisite / multidomain ready.</li> <li>Custom RSS feed options.</li> <li>Multilingual llms.txt with TranslatePress.</li> </ul> <a href="https://www.seopress.org/pricing/" rel="nofollow ugc">Get SEOPress PRO →</a> <h3>SEOPress Insights: Track rankings & backlinks inside WordPress</h3> <ul> <li>Keyword rank tracker: 52 Google Search locations.</li> <li>Track 50 keywords/site daily.</li> <li>Competitor tracking: See who outranks you.</li> <li>Backlinks monitored weekly.</li> <li>Google Trends: Find new content angles.</li> <li>Lifetime data access: Export to CSV / PDF / Excel.</li> <li>Email & Slack alerts.</li> </ul> <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/p6v9Jd5lRIU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <a href="https://www.seopress.org/pricing/" rel="nofollow ugc">Get SEOPress Insights →</a> <h3>WooCommerce & EDD SEO (SEOPress PRO)</h3> <ul> <li>Product schema with global identifiers (GTIN, MPN, brand).</li> <li>OG price & currency for richer social shares.</li> <li>XML sitemaps for products, including image galleries.</li> <li>Centralized noindex for cart/checkout/account/thank-you pages.</li> <li>Removes WooCommerce/EDD generator meta tag.</li> <li>Manual or automatic JSON-LD product schemas.</li> <li>Breadcrumbs with WooCommerce support.</li> <li>Global dynamic tags for titles & meta descriptions.</li> <li>Google Enhanced Ecommerce: purchases, product views, cart events.</li> </ul> <a href="https://www.seopress.org/pricing/" rel="nofollow ugc">Boost your store’s SEO →</a> <h3>Universal SEO metabox: works with every editor</h3> <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/sf0ocG7vQMM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> Edit your SEO directly inside Gutenberg, Elementor, Divi, Bricks, Oxygen, Breakdance, WPBakery, Avada, Kadence, WP Fusion. No more back-and-forth between page builder and WordPress admin. <h3>Built for developers</h3> <ul> <li>Hundreds of hooks: <a href="https://www.seopress.org/support/hooks/" rel="nofollow ugc">Browse the hooks reference</a>.</li> <li>REST API: Power headless and static sites. <a href="https://www.seopress.org/support/guides/get-started-with-the-seopress-rest-api/" rel="nofollow ugc">Get started</a>.</li> <li>WP-CLI commands: Automate everything. <a href="https://www.seopress.org/support/guides/seopress-wp-cli/" rel="nofollow ugc">CLI reference</a>.</li> <li>13+ new dev hooks in 9.8.</li> </ul> <h3>From the same team</h3> <a href="https://wordpress.org/plugins/mailerpress/" rel="ugc">Try MailerPress, the best email marketing plugin for WordPress</a>

WordPress Plugin Directory

19.4M