CVE-2024-4899

5.0 MEDIUM

📋 TL;DR

SEOPress versions before 7.8 do not sanitise and escape some of the plugin's per-post SEO settings. A user with the Contributor role or higher can store a script payload in those settings, and it runs in the browser of any user who later views the affected post. The payload works even when the unfiltered_html capability is disallowed (for example on multisite), which is what normally stops low-privilege roles such as Contributor from publishing scripts. Only WordPress sites running a vulnerable SEOPress version are affected.

💻 Affected Systems

Products:
  • SEOPress WordPress Plugin
Versions: All versions before 7.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with SEOPress plugin and contributor-level or higher user accounts.

📦 What is this software?

SEOPress is a search-engine-optimisation plugin for WordPress (free version slug: wp-seopress). It adds a per-post SEO settings box to the editor (title, meta description, social previews, robots directives) and renders those values into the page output.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A compromised or malicious contributor account stores a persistent XSS payload that runs in an administrator's browser when the admin views the affected post. Because the script runs inside the admin's authenticated session, it can perform privileged actions on their behalf (for example, creating a new administrator account or installing a plugin through the admin pages), deface the site, or redirect visitors to malicious sites. WordPress sets its authentication cookies HttpOnly, so the practical path is abusing the session from the page, not reading the cookie.

🟠 Likely Case

Malicious contributors deface posts, inject ads or SEO spam, or run scripts against logged-in users who view the affected posts.

🟢 If Mitigated

With the plugin updated, or with contributor accounts restricted and a Content Security Policy that blocks inline scripts, impact is limited to minor content manipulation within contributor privileges.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires contributor-level access. Proof of concept is publicly available via WPScan.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.8 and later

Advisory (WPScan): https://wpscan.com/vulnerability/15346ae9-9a29-4968-a6a9-81d1116ac448/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find SEOPress and click 'Update Now'.
4. Verify that the installed version is 7.8 or higher.

🔧 Temporary Workarounds

Temporarily disable plugin (applies to: all platforms)

Deactivate SEOPress until it can be updated. SEO output (titles, meta descriptions, sitemaps) stops while the plugin is inactive:

wp plugin deactivate wp-seopress

Restrict contributor capabilities (applies to: all platforms)

Temporarily remove the Contributor role's ability to edit posts (the edit_posts capability) using a WordPress role-editor plugin or custom code. This leaves contributors unable to do their normal work, so an alternative is to review and suspend untrusted contributor accounts until the plugin is updated.

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution. WordPress core, themes and plugins rely heavily on inline scripts, so a policy that blocks inline script needs nonces or hashes; deploy it in report-only mode first and check the reports before enforcing.
  • Audit and monitor contributor account activity for suspicious post edits, in particular edits that change only SEO settings.

🔍 How to Verify

Check if Vulnerable:

Check SEOPress plugin version in WordPress admin under Plugins > Installed Plugins

Check Version:

wp plugin get wp-seopress --field=version

Verify Fix Applied:

Confirm SEOPress version is 7.8 or higher in plugin details
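As an added example (not from the advisory or the SEOPress project), the POSIX sh helper below compares a SEOPress version string against the fixed release 7.8 with a numeric dotted-version comparison, so that 7.10 is correctly treated as newer than 7.8, and wraps the WP-CLI command above for a live check. The function names and the optional WordPress path argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original advisory.
# Decides whether an installed SEOPress version is below the fixed release (7.8).
# The comparison is pure sh + awk and runs offline; check_site additionally
# assumes WP-CLI is installed and pointed at a WordPress install.

FIXED_VERSION="7.8"

# version_lt A B: exit status 0 if dotted version A is strictly lower than B.
# Components are compared numerically, so "7.10" > "7.8" and "7.7.2" < "7.8".
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, pa, "."); nb = split(b, pb, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? pa[i] + 0 : 0   # missing components count as 0
      y = (i <= nb) ? pb[i] + 0 : 0
      if (x < y) exit 0
      if (x > y) exit 1
    }
    exit 1                             # equal versions are not "lower"
  }'
}

# seopress_status VERSION: print "vulnerable" for < 7.8, otherwise "fixed".
seopress_status() {
  if version_lt "$1" "$FIXED_VERSION"; then
    echo vulnerable
  else
    echo fixed
  fi
}

# check_site [WP_PATH]: read the installed version via WP-CLI and report it.
# WP_PATH is an assumed optional argument; it defaults to the current directory.
check_site() {
  v=$(wp plugin get wp-seopress --field=version --path="${1:-.}" 2>/dev/null) || {
    echo "wp-seopress is not installed here, or WP-CLI is unavailable"
    return 2
  }
  echo "SEOPress $v: $(seopress_status "$v")"
}
```

Run `check_site /var/www/html` (or whatever the site root is) on each WordPress install; a non-zero exit from check_site means the plugin or WP-CLI was not found rather than a safe result, so treat it as "unknown", not "fixed".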

📡 Detection & Monitoring

Log Indicators:

  • Unusual post edits by contributor accounts, especially edits that change only SEO settings
  • Script tags, event-handler attributes (onerror=, onload=) or javascript: URLs in wp_postmeta rows whose meta_key starts with _seopress_ (where SEOPress stores its per-post settings), or in post_content

Network Indicators:

  • Unexpected external script loads or beacons from pages of affected posts

SIEM Query:

Stock WordPress does not write an audit log of post edits. The query below assumes an audit-logging plugin that records the editing user's role and the changed values; the source and field names are illustrative and must be mapped to your logging setup.

source="wordpress.log" AND "post_modified" AND user_role="contributor" AND ("script" OR "javascript" OR "onclick")
