🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

SEO Plugin by Squirrly SEO

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > SEO Plugin by Squirrly SEO

Information

Software Type	Plugin
Software Slug	squirrly-seo (view on wordpress.org)
Software Status	Active
Software Author	cifi
Software Website	wordpress.org
Software Downloads	4,748,624
Software Active Installs	100,000
Software Record Last Updated	April 24, 2024

8 Vulnerabilities

SEO Plugin by Squirrly SEO <= 12.3.16 - Reflected Cross-Site Scripting

6.1

CVE-2024-29790

Mar 25, 2024

Researcher: Rafie Muhammad

SEO Plugin by Squirrly SEO <= 12.3.15 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings

4.4

CVE-2024-0597

Jan 29, 2024

Researcher: Akbar Kustirama

SEO Plugin by Squirrly SEO <= 12.1.20 - Reflected Cross-Site Scripting via 'page' and 'tab'

6.1

CVE-2022-45065

Mar 17, 2023

Researcher: Rafie Muhammad

SEO Plugin by Squirrly SEO <= 12.1.20 - Missing Authorization

6.3

CVE-2022-44626

Mar 17, 2023

Researcher: Rafie Muhammad

SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2022-38140

Oct 25, 2022

Researcher: Rafie Muhammad

SEO Plugin by Squirrly SEO <= 11.1.11 - Reflected Cross-Site Scripting

6.1

CVE-2021-25019

Feb 28, 2022

Researcher: Krzysztof Zając

SEO Plugin by Squirrly SEO < 6.1.5 - Missing Authorization Checks

7.3

CVE ID Unknown

Jul 11, 2016

Researcher: Panagiotis Vagenas

SEO Plugin by Squirrly SEO < 6.1.5 - Directory Traversal

7.5

CVE ID Unknown

Jul 11, 2016

Researcher: Panagiotis Vagenas

Title	CVE ID	CVSS	Researchers	Date
SEO Plugin by Squirrly SEO <= 12.3.16 - Reflected Cross-Site Scripting	CVE-2024-29790	6.1	Rafie Muhammad	March 25, 2024
SEO Plugin by Squirrly SEO <= 12.3.15 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings	CVE-2024-0597	4.4	Akbar Kustirama	January 29, 2024
SEO Plugin by Squirrly SEO <= 12.1.20 - Reflected Cross-Site Scripting via 'page' and 'tab'	CVE-2022-45065	6.1	Rafie Muhammad	March 17, 2023
SEO Plugin by Squirrly SEO <= 12.1.20 - Missing Authorization	CVE-2022-44626	6.3	Rafie Muhammad	March 17, 2023
SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload	CVE-2022-38140	8.8	Rafie Muhammad	October 25, 2022
SEO Plugin by Squirrly SEO <= 11.1.11 - Reflected Cross-Site Scripting	CVE-2021-25019	6.1	Krzysztof Zając	February 28, 2022
SEO Plugin by Squirrly SEO < 6.1.5 - Missing Authorization Checks		7.3	Panagiotis Vagenas	July 11, 2016
SEO Plugin by Squirrly SEO < 6.1.5 - Directory Traversal		7.5	Panagiotis Vagenas	July 11, 2016

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation