CVE-2024-2165 in SEOPress Plugininfo

Summary

by MITRE • 04/10/2024

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 04/14/2026

The CVE-2024-2165 vulnerability affects the SEOPress on-site SEO plugin for WordPress, representing a critical stored cross-site scripting flaw that compromises the security of WordPress installations. This vulnerability exists in all versions up to and including 7.5.2.1, making it a widespread concern for WordPress users who rely on this popular SEO plugin. The flaw specifically targets the image alt parameter handling within the plugin's functionality, creating a persistent vector for malicious code injection that can affect multiple users simultaneously.

The technical root cause of this vulnerability stems from inadequate input sanitization and insufficient output escaping mechanisms within the plugin's codebase. When authenticated attackers with author-level privileges or higher submit malicious content through the image alt parameter, the plugin fails to properly validate or sanitize the input before storing it in the database. This stored malicious content then executes whenever any user accesses pages containing the injected scripts, creating a persistent threat that can affect all visitors to the compromised WordPress site. The vulnerability operates under CWE-79 which specifically addresses Cross-Site Scripting flaws, where insufficient input validation allows malicious scripts to be executed in the context of the victim's browser.

The operational impact of CVE-2024-2165 extends beyond simple script execution, as it enables attackers to perform various malicious activities through the compromised WordPress environment. Authorized attackers can leverage this vulnerability to steal user sessions, redirect visitors to malicious websites, deface the site content, or harvest sensitive information from authenticated users. The stored nature of the vulnerability means that once injected, the malicious scripts remain active until manually removed, creating a persistent threat that can be exploited repeatedly. This vulnerability particularly impacts WordPress sites that rely heavily on image uploads and SEO optimization features, as the attack vector directly targets the plugin's core functionality.

Organizations and WordPress administrators should prioritize immediate mitigation of this vulnerability by updating to the latest version of the SEOPress plugin where the issue has been resolved. The recommended approach includes implementing proper input validation and output escaping mechanisms that align with industry best practices for web application security. Additionally, administrators should consider implementing web application firewalls and monitoring systems to detect potential exploitation attempts. The vulnerability also highlights the importance of privilege separation and role-based access controls, as the attack requires only author-level access, making it particularly dangerous in environments where multiple users have elevated privileges. This issue aligns with ATT&CK technique T1548.002 which covers abuse of cloud service principals and T1566 which involves credential access through social engineering, emphasizing the need for comprehensive security measures beyond simple patching.

Responsible

Wordfence

Reservation

03/04/2024

Disclosure

04/10/2024

Moderation

accepted

CPE

ready

EPSS

0.00423

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!