CVE-2026-57617
Status: Deferred - Pending Action
Contributor XSS in SeedProd Pro Versions Below 6.19.5

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.

Meta Information

  • Published: 2026-06-26
  • Last Modified: 2026-06-26
  • Generated: 2026-06-26
  • AI Q&A: 2026-06-26
  • EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

  • Vendor: seedprod
  • Product: pro
  • Version / Range: to 6.19.5 (exc)

CWE

  • CWE ID: CWE-79
  • Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Executive Summary

This vulnerability is a Cross Site Scripting (XSS) issue found in the WordPress SeedProd Pro Plugin versions prior to 6.19.5.

It allows an attacker to inject malicious scripts into the website, which can execute when visitors access the site.

Exploitation requires a privileged user to perform an action such as clicking a malicious link or submitting a form.

Impact Analysis

If exploited, this vulnerability could allow attackers to run malicious scripts on your website.

  • These scripts could perform redirects to malicious sites.
  • They could display unwanted advertisements.

The vulnerability has a CVSS score of 6.5, indicating a moderate risk that could be leveraged in widespread attacks targeting websites of any size or popularity.

Detection Guidance

This vulnerability affects the WordPress SeedProd Pro Plugin versions prior to 6.19.5. Detection involves verifying the plugin version installed on your WordPress site.

  • Check the SeedProd Pro plugin version via the WordPress admin dashboard under Plugins.
  • Use WP-CLI to check the plugin version: wp plugin list | grep seedprod
  • Look for suspicious user actions or unexpected script injections in logs, especially from privileged users clicking links or submitting forms.
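
One way to automate the WP-CLI version check above, as an added example that is not from the original page or from the SeedProd project: it reads name,version rows (the shape produced by wp plugin list --fields=name,version --format=csv) and flags any seedprod row below 6.19.5. The sample rows and the plugin names in them are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the advisory): flag seedprod plugin rows whose
# version is below the fixed release named on this page.
FIXED="6.19.5"

# version_lt A B: true when A is strictly older than B (needs sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_seedprod: reads "name,version" CSV rows on stdin. Rows are matched
# by the substring "seedprod", like the grep above, so confirm that a flagged
# row really is the Pro plugin. Returns 1 if any matched row is below FIXED.
check_seedprod() {
    rc=0
    while IFS=, read -r name version; do
        case "$name" in
            *seedprod*) ;;
            *) continue ;;
        esac
        if version_lt "$version" "$FIXED"; then
            echo "VULNERABLE $name $version"
            rc=1
        else
            echo "OK $name $version"
        fi
    done
    return "$rc"
}

# Constructed sample rows; the plugin names are assumptions, not real slugs.
sample_rows() {
    printf 'name,version\nseedprod-pro,6.9.9\nexample-plugin,1.0.0\n'
}

# Demo on the sample. On a real site, feed it WP-CLI output instead:
#   wp plugin list --fields=name,version --format=csv | check_seedprod
sample_rows | check_seedprod || true
```

The comparison uses version ordering rather than string ordering, so 6.9.9 is correctly reported as older than 6.19.5.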

Mitigation Strategies

The immediate recommended action is to update the SeedProd Pro plugin to version 6.19.5 or later, where the vulnerability is patched.

  • Apply the official patch by upgrading the plugin to version 6.19.5 or newer.
  • Enable auto-updates for the SeedProd Pro plugin if using Patchstack or similar management tools.
  • Limit privileged user actions and educate users about the risks of clicking suspicious links or submitting untrusted forms.