{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9277", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-20T19:11:22.801Z", "datePublished": "2025-08-26T22:26:50.814Z", "dateUpdated": "2026-04-08T17:17:50.443Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:50.443Z"}, "affected": [{"vendor": "softaculous", "product": "SiteSEO \u2013 SEO Simplified", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The SiteSEO \u2013 SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "SiteSEO \u2013 SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b8c7cca2-94d2-4a86-bc69-d7b2b0f068ba?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/siteseo/tags/1.2.6/main/advanced.php#L80"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "timeline": [{"time": "2025-08-13T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-08-26T10:21:52.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-27T20:43:08.782198Z", "id": "CVE-2025-9277", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-27T20:43:20.115Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9277", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-27T20:43:08.782198Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-27T20:43:15.544Z"}}], "cna": {"title": "SiteSEO \u2013 SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression", "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "softaculous", "product": "SiteSEO \u2013 SEO Simplified", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-13T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-08-26T10:21:52.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b8c7cca2-94d2-4a86-bc69-d7b2b0f068ba?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/siteseo/tags/1.2.6/main/advanced.php#L80"}], "descriptions": [{"lang": "en", "value": "The SiteSEO \u2013 SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:50.443Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9277", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:17:50.443Z", "dateReserved": "2025-08-20T19:11:22.801Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-26T22:26:50.814Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The SiteSEO \u2013 SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento SiteSEO \u2013 SEO Simplified para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de la expresi\u00f3n preg_replace defectuosa en todas las versiones hasta la 1.2.7 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-9277", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-26T23:15:35.963", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/siteseo/tags/1.2.6/main/advanced.php#L80"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b8c7cca2-94d2-4a86-bc69-d7b2b0f068ba?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:47:48.897040+00:00", "value": {"mitigation_remediation": ["Apply the latest version of the SiteSEO \u2013 SEO Simplified plugin, ensuring it is above 1.2.7", "If an update is not immediately possible, disable or uninstall the plugin to eliminate the vulnerability", "Restrict Contributor role permissions or remove access to the plugin\u2019s configuration fields until a patch is applied"], "summary": {"action": "Update Plugin", "impact": "Stored Cross\u2011Site Scripting that allows authenticated users with Contributor access to inject scripts executed by others"}, "threat_synthesis": {"affected_systems": "WordPress installations running the SiteSEO \u2013 SEO Simplified plugin with version 1.2.7 or earlier are affected. The flaw exists only in the source code of those releases and is not present in newer versions released after 1.2.7.", "description_and_impact": "The vulnerability arises from a faulty regular expression in the preg_replace call that fails to sanitize user input and escape output. This flaw permits an authenticated Contributor or higher level user to embed arbitrary JavaScript into plugin configuration pages. When another user opens the affected page, the injected script runs in their browser context. The impact is client\u2011side code execution that can lead to session hijacking, credential theft, or defacement of the site. The weakness matches CWE\u201179, a classic reflected or stored XSS scenario.", "risk_and_exploitability": "The CVSS score of 6.4 indicates moderate severity, while the EPSS score of less than 1% suggests that exploitation is unlikely at this time. Because the attack requires legitimate Contributor or higher authentication, an attacker must first compromise a user\u2019s credentials or gain access through an existing account. The plugin is not listed in the CISA KEV catalog, further reducing the immediate threat posture for most environments."}}}}, "created": "2025-08-27T11:21:30.676615+00:00", "updated": "2026-04-20T20:00:10.506277+00:00", "vendors": ["softaculous", "softaculous$PRODUCT$siteseo", "wordpress", "wordpress$PRODUCT$wordpress"]}