CVE-2024-9066

📊 CVSS 6.4 MEDIUM | EPSS 0.0% | 🎯 0 exploits
📅 Published Oct 10, 2024
📋 Status: Analyzed

The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

🎯 Affected Products & Systems

1 product configuration affected

Vulnerable
Version: ≤ 1.9.10
Target SW: wordpress
CPE: cpe:2.3:a:secretlab:marketing_and_seo_booster:*:*:*:*:*:wordpress:*:*
Metrics
6.4 MEDIUM (CVSS v3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges: LOW
User Interaction: NONE
Confidentiality: LOW
Integrity: LOW
Availability: NONE
Scope: CHANGED

🔍 Technical Details

Analysis Status: Analyzed
CVSS Details: 6.4 (MEDIUM), v3.1
EPSS Details: 0.0% (Minimal), 12.3th percentile (exploitation probability within 30 days; last updated Oct 30, 2025)
Published Date: Oct 10, 2024 (1 year ago)
Last Modified: Oct 15, 2024 (1 year ago)
Security Weaknesses: 1
References: 3