Vulnerabilities and security researches forcds-simple-seo cds-simple-seo

Nov 10, 2025

CVE, Research URL: CVE-2025-10357
Home page URL: Security reports for Simple SEO
Application: Simple SEO
Date: Oct 14, 2025
Research Description: The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
Affected versions: max 2.0.32.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2023-45269
Home page URL: Security reports for Simple SEO
Application: Simple SEO
Date: Oct 13, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions.
Affected versions: max 2.0.26.
Status: vulnerable

CVE, Research URL: CVE-2022-1628
Home page URL: Security reports for Simple SEO
Application: Simple SEO
Date: Sep 06, 2022
Research Description: The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator access the page.
Affected versions: max 1.7.92.
Status: vulnerable

CVE, Research URL: CVE-2022-36404
Home page URL: Security reports for Simple SEO
Application: Simple SEO
Date: Nov 04, 2022
Research Description: Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.
Affected versions: max 1.8.13.
Status: vulnerable

CVE, Research URL: CVE-2022-44627
Home page URL: Security reports for Simple SEO
Application: Simple SEO
Date: Nov 04, 2022
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps.
Affected versions: max 1.7.92.
Status: vulnerable