PLUGIN SECURITY
Is Wp Seopress safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Wp Seopress WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
wp-seopress - Requires PHP: 7.4+
- Max supported PHP (analyzed): <8.0
Known vulnerabilities
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] >= 5.0.0 - <= 5.0.3 [CVE-2021-34641, WordPress SEOPress, on-site SEO plugin 5.0.0 – 5.0.3 - Stored Cross-Site Scripting (XSS) vulnerability via REST-API, SEOPress 5.0.0 - 5.0.3 - Stored Cross-Site Scripting, SEOPress 5.0.0 – 5.0.3 - Authenticated Stored Cross-Site Scripting]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 6.5.0.3 [SEOPress <= 6.5.0.2 - Authenticated (Administrator+) PHP Object Injection]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 6.5.0.3 [WordPress SEOPress Plugin <= 6.5.0.2 is vulnerable to PHP Object Injection]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 6.5.0.3 [CVE-2023-1669, SEOPress < 6.5.0.3 - Admin+ PHP Object Injection]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 7.3 [CVE-2023-6290, SEOPress – On-site SEO <= 7.2 - Authenticated (Admin+) Stored Cross-Site Scripting, WP SEO Press < 7.3 - Admin+ Stored XSS]
+ 11 more known vulnerabilities
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 7.6 [CVE-2024-2165, SEOPress – On-site SEO <= 7.5.2.1 - Authenticated (Author+) Stored Cross-Site Scripting, WordPress SEOPress Plugin <= 7.5.2.1 is vulnerable to Cross Site Scripting (XSS), SEOPress – On-site SEO < 7.6 - Author+ Stored Cross-Site Scripting]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 7.7 [CVE-2024-34383, WordPress SEOPress Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR), SEOPress <= 7.6.1 - Information Exposure]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 7.6 [CVE-2024-1134, SEOPress – On-site SEO <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 7.8 [CVE-2024-4899, SEOPress <= 7.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress SEOPress Plugin < 7.8 is vulnerable to Cross Site Scripting (XSS)]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 7.8 [CVE-2024-4900, SEOPress <= 7.7.2 - Authenticated (Contributor+) Open Redirect, WordPress SEOPress Plugin < 7.8 is vulnerable to Open Redirection]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 7.9.1 [CVE-2024-1168, SEOPress – On-site SEO <= 7.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Social Image URL, WordPress SEOPress Plugin <= 7.9 is vulnerable to Cross Site Scripting (XSS)]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 7.9 [CVE-2024-5488, WordPress SEOPress Plugin < 7.9 is vulnerable to PHP Object Injection, SEOPress <= 7.8 - Unauthenticated PHP Object Injection]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 8.2 [CVE-2024-9225, SEOPress – On-site SEO <= 8.1.1 - Reflected Cross-Site Scripting, WordPress SEOPress Plugin <= 8.1.1 is vulnerable to Cross Site Scripting (XSS)]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 8.2 [CVE-2024-50454, WordPress SEOPress Plugin <= 8.1.1 is vulnerable to Broken Access Control, SEOPress <= 8.1.1 - Missing Authorization]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 8.2 [CVE-2024-50456, WordPress SEOPress Plugin <= 8.1.1 is vulnerable to Broken Access Control, SEOPress <= 8.1.1 - Missing Authorization]
- SEOPress – AI SEO Plugin & On-site SEO [wp-seopress] < 8.2 [CVE-2024-50455, WordPress SEOPress Plugin <= 8.1.1 is vulnerable to Broken Access Control, SEOPress <= 8.1.1 - Missing Authorization]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings — 4000000+ active installs — max PHP 8.4
- SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema — 300000+ active installs — max PHP 8.4
- SmartCrawl SEO checker, analyzer & optimizer — 20000+ active installs — max PHP 8.4
- Xagio SEO – AI Powered SEO — 10000+ active installs
- SMNTCS Google Webmaster Tools — 6000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.