CVE-2025-3302

Published June 11th, 2025

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.1.0.0.

Xagio SEO – AI Powered SEO

<h3>Xagio SEO takes an entirely new approach to SEO by combining keyword & competition research, clustering & optimization, content & schema and all of it is powered by AI!</h3> Forget endless checklists and manual optimizations – Xagio AI handles it for you while the Project Planner centralizes your entire SEO workflow. ✅AI-Powered SEO Instantly generate WordPress SEO titles, meta descriptions, content, and schema with AI. ✅Project Planner Optimize your entire website from a single dashboard instead of jumping between tools. ✅Built-in Features Everything you need for WordPress SEO without requiring extra plugins or upgrades. ✅Xagio includes AI-powered optimizations at no cost – no hidden paywalls, just smarter SEO. With AI-driven automation and a structured workflow, Xagio makes powerful SEO simple, fast, and effective. <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/W95Ka2Y8nws?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <h3>🎯 Is Xagio the Right WordPress SEO Plugin for You?</h3> Xagio is built for everyone, from solo website owners to large agencies managing multiple clients. ✅ For Beginners No experience? No problem. Xagio AI automates keyword research, meta optimization, and schema generation – so you get fast SEO results without the learning curve. 💼 For Business Owners Rank higher and drive traffic without hiring an SEO expert. Xagio handles technical SEO while you focus on growing your business. ⚡ For SEO Professionals & Agencies Xagio automates, centralizes, and optimizes your workflow, from sales & onboarding to fulfillment & reporting. Replace multiple tools, reduce inefficiencies, and maximize client retention and profitability. 🔗 For Affiliates Optimize niche sites, product reviews, and landing pages with AI-powered SEO – increase rankings and earn more commissions with less effort. 🏗️ For PBN Managers Xagio Network Management tools simplify the process of maintaining large private blog networks, helping you organize, update, and optimize multiple sites in one place. 📍For Local SEO Experts Dominate local rankings with AI-optimized metadata, schema, and structured content – boosting visibility for Google Maps and local searches. 🛒 For eCommerce Stores Enhance product pages, categories, and descriptions with AI-driven SEO – improve rankings, click-through rates, and sales effortlessly. <h3>The Project Planner – Optimize & Edit Your Entire Site from One Dashboard</h3> â€œThe most valuable asset any SEO has is time, and with Xagio Project Planner, you’ll get it back.â€ The Project Planner is the command center for your SEO strategy. Instead of switching between tools, Xagio organizes all SEO data by page – including keywords, rankings, competition, and CPC – so you can optimize faster and make smarter decisions. ✅ AI-Powered Bulk Optimization Apply AI-generated titles, meta descriptions, and H1s across multiple pages at once – saving hours of manual work. ✅ Instant Site & Keyword Onboarding Import all pages, keywords, and rankings in one step, streamlining optimization. ✅ Full-Site SEO, Organized by Page View keywords, rankings, competition, CPC – grouped per page for faster, smarter optimization workflows. ✅ Bring Your Own Data Already have keyword research? Import your keyword list instantly and let Xagio’s AI handle the rest. ✅ Advanced Keyword Clustering Group thousands of keywords into highly relevant, structured groups – helping you create better-targeted content. ✅ Seeding for Precision Targeting Search for specific words or patterns across all keyword groups and pull them into a single focused group for precise content planning. ✅ With Xagio AI-driven workflows, you can optimize entire websites faster, eliminate guesswork, and make data-driven SEO decisions – all from one dashboard. 🚀 <h3>🔥 Everything You Need for SEO – Completely Integrated</h3> Xagio combines AI-powered SEO with essential site management tools, so you can rank higher without expensive add-ons. <iframe loading="lazy" class="youtube-player" width="750" height="422" src="https://www.youtube.com/embed/Hwnn9WovaKQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe> <h3>🚀 AI-Powered SEO Optimization</h3> <ul> <li>AI Meta Optimization – Instantly generate SEO-friendly titles, descriptions, and headers.</li> <li>AI Content – Create structured, search-optimized content in a single click.</li> <li>AI Schema – Automatically generate structured data for rich snippets & better SERP visibility.</li> </ul> <h3>📊 Project Planning & Keyword Management</h3> <ul> <li>The Project Planner – Manage & optimize your entire site from one dashboard.</li> <li>Keyword Import & Clustering – Organize keywords into strategic groups for better content planning.</li> <li>Seeding for Precision Targeting – Pull specific keywords from multiple groups into a single focus group.</li> <li>Automatic Site Audit (Ranking Keywords Per Page) – Instantly discover which keywords your pages rank for.</li> </ul> <h3>⚙️ On-Page SEO</h3> <ul> <li>Edit H1, Title, and Meta Descriptions in the page editor – Optimize directly while creating content.</li> <li>Centralized H1, Title, and Meta Description management – Edit and update in one place for better efficiency.</li> </ul> <h3>🔀 301 & 404 Management</h3> <ul> <li>Create unlimited 301 redirects – Redirect old URLs to maintain SEO value.</li> <li>404 monitoring for high-traffic pages – Identify and fix broken links before they hurt your rankings.</li> </ul> <h3>🏗️ Content Silo Management</h3> <ul> <li>Physical Silos via Pages – Strengthen SEO by structuring content hierarchically.</li> <li>Virtual Silos via Links – Improve internal linking without changing your site structure.</li> <li>Organize Blogs with Tags & Categories – Keep content structured for better discoverability.</li> </ul> <h3>🔗 Link Management</h3> <ul> <li>Track Image & Text Links – Monitor performance and engagement.</li> <li>Link Impressions, Clicks & Conversion Stats – Gain insights into link performance.</li> <li>Use Shortcodes for Internal Links – Simplify internal linking across your site.</li> <li>Masked Links for External Use – Keep external URLs clean and trackable.</li> </ul> <h3>⭐ Customer Reviews</h3> <ul> <li>Fully Customizable Review Design & Fields – Collect and display reviews the way you want.</li> <li>Collect Reviews, Ratings, or Both – Build trust and credibility with user-generated content.</li> <li>Global or Per Page Review Functionality – Control where and how reviews appear.</li> <li>Automatic Aggregate Rating Calculation & Schema Injection – Boost SEO with structured review data.</li> </ul> <h3>💾 Fully Automated Backup & Restore</h3> <ul> <li>Save Backups Locally or to Cloud – Keep your data secure.</li> <li>Set Up Automated Backup Schedules – Never lose important site information.</li> <li>1-Click Restore from Backups – Recover lost data instantly.</li> </ul> <h3>🔁 WordPress Cloning</h3> <ul> <li>Clone WordPress Site from URL – Quickly duplicate entire sites.</li> <li>Backup Source & Target Domains Before Cloning – Ensure safe migrations.</li> </ul> <h3>🛠️ Rescue Center</h3> <ul> <li>Easy & Advanced Restore Modes – Roll back changes effortlessly.</li> <li>Fix Broken Plugins & Themes – Repair corrupted installations.</li> <li>Scan Media Library for Malware – Protect your site from security threats.</li> </ul> <h3>SEO Has Evolved – It’s Time to Evolve With It 🚀</h3> Traditional SEO is slow, expensive, and frustrating. Xagio AI eliminates complexity, giving you the fastest, easiest way to rank higher and drive more traffic. Stop wasting time with outdated methods – install Xagio today and start ranking smarter. 🚀 <h3>Third-Party Services</h3> This plugin relies on third-party services to provide certain functionalities. Below is a list of the services used and the purposes for which they are used. <h3>Xagio Panel API</h3> <ul> <li>Purpose: This service is used for license verification, updates, and website management, ensuring the plugin operates smoothly and stays up-to-date with the latest features and security patches.</li> <li>Service URL: <a href="https://app.xagio.net" rel="nofollow ugc">Xagio Panel</a></li> <li>Terms of Use: <a href="https://xagio.net/terms" rel="nofollow ugc">Xagio Panel Terms of Use</a></li> <li>Privacy Policy: <a href="https://xagio.net/privacy" rel="nofollow ugc">Xagio Panel Privacy Policy</a></li> </ul> <h3>Pixabay API</h3> <ul> <li>Purpose: This service is used for sourcing royalty-free images to enhance content within the plugin.</li> <li>Service URL: <a href="https://pixabay.com/api/" rel="nofollow ugc">Pixabay</a></li> <li>Terms of Use: <a href="https://pixabay.com/service/terms/" rel="nofollow ugc">Pixabay Terms of Service</a></li> <li>Privacy Policy: <a href="https://pixabay.com/service/privacy/" rel="nofollow ugc">Pixabay Privacy Policy</a></li> </ul> <h3>YouTube Embeds</h3> <ul> <li>Purpose: This service is used to embed YouTube videos within the plugin’s UI, allowing users to easily add video content to their websites, which can enhance SEO through multimedia content.</li> <li>Service URL: <a href="https://www.youtube.com" rel="nofollow ugc">YouTube</a></li> <li>Terms of Use: <a href="https://www.youtube.com/t/terms" rel="nofollow ugc">YouTube Terms of Use</a></li> <li>Privacy Policy: <a href="https://policies.google.com/privacy" rel="nofollow ugc">YouTube Privacy Policy</a></li> </ul> <h3>Tawk.to</h3> <ul> <li>Purpose: This service is used for live chat support, enabling real-time communication between users and support teams.</li> <li>Service URL: <a href="https://tawk.to" rel="nofollow ugc">Tawk.to</a></li> <li>Terms of Use: <a href="https://www.tawk.to/terms-of-service/" rel="nofollow ugc">Tawk.to Terms of Use</a></li> <li>Privacy Policy: <a href="https://www.tawk.to/privacy-policy/" rel="nofollow ugc">Tawk.to Privacy Policy</a></li> </ul> <h3>Dropbox API</h3> <ul> <li>Purpose: This service is used for cloud storage and retrieval of content files, including images and backups.</li> <li>Service URLs: <ul> <li><a href="https://content.dropboxapi.com" rel="nofollow ugc">Content API</a></li> <li><a href="https://api.dropboxapi.com" rel="nofollow ugc">API</a></li> </ul> </li> <li>Terms of Use: <a href="https://www.dropbox.com/terms" rel="nofollow ugc">Dropbox Terms of Service</a></li> <li>Privacy Policy: <a href="https://www.dropbox.com/privacy" rel="nofollow ugc">Dropbox Privacy Policy</a></li> </ul> <h3>Google APIs</h3> <ul> <li>Purpose: This service is used for various Google functionalities, including Google Search Console integration, Google Drive access, and Google Analytics tracking.</li> <li>Service URLs: <ul> <li><a href="https://www.googleapis.com" rel="nofollow ugc">Google APIs</a></li> <li><a href="https://www.google.com" rel="nofollow ugc">Google</a></li> </ul> </li> <li>Terms of Use: <a href="https://policies.google.com/terms" rel="nofollow ugc">Google Terms of Service</a></li> <li>Privacy Policy: <a href="https://policies.google.com/privacy" rel="nofollow ugc">Google Privacy Policy</a></li> </ul> <h3>Microsoft Graph API</h3> <ul> <li>Purpose: This service is used for integrating Microsoft services, including OneDrive and Microsoft Office 365.</li> <li>Service URLs: <ul> <li><a href="https://graph.microsoft.com" rel="nofollow ugc">Graph API</a></li> </ul> </li> <li>Terms of Use: <a href="https://www.microsoft.com/en-us/servicesagreement" rel="nofollow ugc">Microsoft Terms of Use</a></li> <li>Privacy Policy: <a href="https://privacy.microsoft.com/en-us/privacystatement" rel="nofollow ugc">Microsoft Privacy Policy</a></li> </ul> <h3>Microsoft Online Login</h3> <ul> <li>Purpose: This service is used for authenticating users via Microsoft services, including Office 365 and OneDrive integrations within the plugin.</li> <li>Service URL: <a href="https://login.microsoftonline.com" rel="nofollow ugc">Microsoft Online Login</a></li> <li>Terms of Use: <a href="https://www.microsoft.com/en-us/servicesagreement" rel="nofollow ugc">Microsoft Online Terms of Service</a></li> <li>Privacy Policy: <a href="https://privacy.microsoft.com/en-us/privacystatement" rel="nofollow ugc">Microsoft Privacy Policy</a></li> </ul> <h3>Chrome Web Store</h3> <ul> <li>Purpose: This service is used for distributing browser extensions associated with the plugin’s functionalities.</li> <li>Service URL: <a href="https://chromewebstore.google.com" rel="nofollow ugc">Chrome Web Store</a></li> <li>Terms of Use: <a href="https://www.google.com/chrome/privacy/eula_text.html" rel="nofollow ugc">Chrome Web Store Terms of Service</a></li> <li>Privacy Policy: <a href="https://policies.google.com/privacy" rel="nofollow ugc">Google Privacy Policy</a></li> </ul> <h3>Facebook APIs</h3> <ul> <li>Purpose: This service is used for social media integration, including posting to Facebook and accessing Facebook Insights.</li> <li>Service URLs: <ul> <li><a href="https://www.facebook.com" rel="nofollow ugc">Facebook</a></li> <li><a href="https://developers.facebook.com" rel="nofollow ugc">Developers</a></li> </ul> </li> <li>Terms of Use: <a href="https://www.facebook.com/terms.php" rel="nofollow ugc">Facebook Terms of Service</a></li> <li>Privacy Policy: <a href="https://www.facebook.com/policy.php" rel="nofollow ugc">Facebook Data Policy</a></li> </ul> <h3>W3C Validator</h3> <ul> <li>Purpose: This service is used for validating the plugin’s generated HTML to ensure compliance with web standards.</li> <li>Service URL: <a href="http://www.w3.org" rel="nofollow ugc">W3C Validator</a></li> <li>Terms of Use: <a href="https://www.w3.org/Consortium/Legal/2015/terms-of-use" rel="nofollow ugc">W3C Terms of Service</a></li> <li>Privacy Policy: <a href="https://www.w3.org/Consortium/Legal/2015/privacy-statement" rel="nofollow ugc">W3C Privacy Policy</a></li> </ul> <h3>WordPress.org</h3> <ul> <li>Purpose: This service is used for plugin updates, downloads, and API requests to the WordPress repository.</li> <li>Service URLs: <ul> <li><a href="https://wordpress.org" rel="ugc">WordPress</a></li> <li><a href="https://downloads.wordpress.org" rel="nofollow ugc">Downloads</a></li> <li><a href="http://api.wordpress.org" rel="nofollow ugc">API</a></li> </ul> </li> <li>Terms of Use: <a href="https://wordpress.org/about/privacy/" rel="ugc">WordPress Terms of Service</a></li> <li>Privacy Policy: <a href="https://wordpress.org/about/privacy/" rel="ugc">WordPress Privacy Policy</a></li> </ul> <h3>Bannerbear</h3> <ul> <li>Purpose: This service is used for generating dynamic images and banners for SEO purposes.</li> <li>Service URL: <a href="https://www.bannerbear.com" rel="nofollow ugc">Bannerbear</a></li> <li>Terms of Use: <a href="https://www.bannerbear.com/terms/" rel="nofollow ugc">Bannerbear Terms of Service</a></li> <li>Privacy Policy: <a href="https://www.bannerbear.com/privacy/" rel="nofollow ugc">Bannerbear Privacy Policy</a></li> </ul> <h3>Schema.org</h3> <ul> <li>Purpose: This service is used for structured data validation and schema generation to improve SEO.</li> <li>Service URLs: <ul> <li><a href="https://validator.schema.org" rel="nofollow ugc">Schema.org Validator</a></li> <li><a href="http://schema.org" rel="nofollow ugc">Schema.org</a></li> </ul> </li> <li>Terms of Use: <a href="https://schema.org/docs/terms.html" rel="nofollow ugc">Schema.org Terms of Use</a></li> <li>Privacy Policy: <a href="https://schema.org/docs/privacy.html" rel="nofollow ugc">Schema.org Privacy Policy</a></li> </ul> <h3>Google Tag Manager</h3> <ul> <li>Purpose: This service is used for managing and deploying marketing tags (snippets of code) on your website.</li> <li>Service URL: <a href="https://www.googletagmanager.com" rel="nofollow ugc">Google Tag Manager</a></li> <li>Terms of Use: <a href="https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/" rel="nofollow ugc">Google Tag Manager Terms of Service</a></li> <li>Privacy Policy: <a href="https://policies.google.com/privacy" rel="nofollow ugc">Google Privacy Policy</a></li> </ul> <h3>Gravatar</h3> <ul> <li>Purpose: This service is used for displaying user avatars in the plugin’s UI based on their email addresses.</li> <li>Service URL: <a href="https://gravatar.com/" rel="nofollow ugc">Gravatar</a></li> <li>Terms of Use: <a href="https://wordpress.com/tos/" rel="nofollow ugc">Gravatar Terms of Service</a></li> <li>

WordPress Plugin Directory

207K