{"id":64912,"date":"2025-06-11T16:31:58","date_gmt":"2025-06-11T13:01:58","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-3302-xagio-seo-wordpress-stored-cross-site-scripting\/"},"modified":"2025-06-11T16:31:58","modified_gmt":"2025-06-11T13:01:58","slug":"cve-2025-3302-xagio-seo-wordpress-stored-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-3302-xagio-seo-wordpress-stored-cross-site-scripting\/","title":{"rendered":"CVE-2025-3302 &#8211; Xagio SEO \u2013 WordPress Stored Cross-Site Scripting"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-3302<br \/>\n<br \/>\n<strong>Published : <\/strong> June 11, 2025, 12:15 p.m. | 43\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018HTTP_REFERER\u2019 parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.1.0.0.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 7.2 | HIGH<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-3302 Published : June 11, 2025, 12:15 p.m. | 43\u00a0minutes ago Description : The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018HTTP_REFERER\u2019 parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-64912","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/64912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=64912"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/64912\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=64912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=64912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=64912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}