Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-36404: Simple SEO

Auth. (subscriber+) Broken Access Control vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemap.

CVE
#vulnerability#web#ios#google#wordpress#perl#oauth#auth
  • Details

  • Reviews

  • Installation

  • Support

  • Development

  • Nonce Security!

  • Generates META tags automatically.

  • Works out-of-the-box. Just install!

  • You can override any title and set any META description and any META keywords you want!

  • Google Analytic 4!

  • Google Webmaster Tools!

  • Bing verification & Yandex verification!

  • Twitter and Facebook customization!

  • Quickedit SEO titles and descriptions!

  • Import Yoast SEO data!

  • Import Rank Math SEO data!

  • Import All In One SEO data!

  • Supports custom post types!

  1. Upload the plugin files to the /wp-content/plugins/cds-simple-seo directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress.
  3. Use the Settings -> Simple SEO screen to configure the sitemap, the META info for the homepage, Google webmaster tools, Google analytic, etc.

If upgrading, please back up your database first!

Please email [email protected] with any questions.

Q: How does front page title and description work.

A: The default title and description will be used under settings. If the front page, or blog page are used, then those pages meta information will be used.

Keep it up Mr. Cole. Simplicity in chaos is the correct path.

As feedback, We are not pleased with the way the plugin is set, but also with the support provided to properly configuring it. This made us simply unistalled it. Perhaps you guys may need to include more people to help you with this area, while having videos, screenshots and all the information available to configure the plugin easy and efficiently, but also providing a lean and clean way to unistall it if the case arises. At the end all is about service quality and customer experience.

JUST AWESOME & simple. please add redirect url. complete!

Finally after searching through SEO plugins all day I came across this one. Does exactly what I wanted, nothing superfluous. Excellent!

Great SEO plug-in! Puts the control back to the user without all the smoke and mirrors of Yoast, AIOSEO, et. al. Study your SEO manual, install this WordPress plug-in, and you’re set.

Finally, a simple plugin just to add custom keyword and meta description like the old days.

Read all 14 reviews

“Simple SEO” is open source software. The following people have contributed to this plugin.

Contributors

  • David Cole

1.1.0

  • Added Google webmaster tools and analytic

1.2.0

Release Date: August 11th, 2017

  • Enhancements

    • Added Robot NOINDEX and NOFOLLOW
    • Added a preview sections for how the meta information should show on a search engine page.
    • Added pre_get_document_title for compatibility
  • Bugfixes

    • Fixes a typo in the readme.txt :-p

1.2.1

Release Date: August 24th, 2017

  • Bugfixes
    • Google Verification fixed/updated.

1.2.2

Release Date: August 30th, 2017

  • Bugfixes
    • Fixed title, description, etc from showing a empty result () if it’s not specified.
    • Added some simple code to generate default metadata if none is specified.

1.2.3

  • Enhancements
    • Added settings link to plugin page.
    • Updated the GA script/code.
    • Various minor changes for future updates.

1.3.0

Release Date: April 17th, 2018

  • Enchancments

    • Complete overhaul of Simple SEO presentation when editing pages, posts, etc.
    • Lots of code optimization.
  • Random

    • Updated the license to: GPLv3

1.3.1

Release Date: May 21st, 2018

  • Bugfixes
    • Fixed a bug which prevented the keywords and description from showing. Thank you Aletta!

1.3.2

Release Date: May 28th, 2018

  • Bugfixes
    • Fixed a bug which displayed Google Analytic even if a code was not added. Thank you Mahendra!

1.3.3

Release Date: June 21th, 2018

  • Enchancments
    • Added meta title and meta description input fields to quick edit and bulk edit.
    • Added meta titles and meta description to index; where applicable

1.3.4

Release Date: July 5th, 2018

  • Bugfixes
    • Quick edit fix.

1.4.0

Release Date: May 19th, 2019

  • Enchancments
    • Facebook
    • Twitter
    • Bing Verification
    • Baidu Verification
    • Yandex Verification

1.4.1

Release Date: May 22nd, 2019

  • Bugfix
    • WooCommerce compadability – Thank you Andrew.

1.4.2

Release Date: May 23rd, 2019

  • Bugfix
    • WooCommerce compadability – Thank you Andrew.

1.4.3

Release Date: June 13th, 2019

  • Enchancments
    • Added quick edit for posts
    • Added the option to import Yoast SEO data into Simple SEO. This can be found under Settings -> Simple SEO at the bottom of the page.

1.4.4

Release Date: June 13th, 2019

  • Enchancments
    • Added post_name to the columns options

1.4.5

Release Date: June 13th, 2019

  • Enchancments
    • Added taxonomy support
    • Including WooCommerce taxonomy support!

1.4.6

Release Date: June 13th, 2019

  • Bugfix
    • Taxonomy fix.

1.4.8

Release Date: June 14th, 2019

  • Bugfix
    • WooCommerce compadability issue for those not running woocommerce. Fixed.

1.4.9

Release Date: June 14th, 2019

  • Bugfix
    • d2.roth posted a bug with contact form 7. Fixed.

1.5

Release Date: Feb 27th, 2020

  • Enchancments
    • Quickedit for custom post types
    • Column sorting

1.5.1

Release Date: June 16th, 2020

  • Bugfix
    • Fix an issues where the default meta data was not showing on the static post front page.

1.5.2

Release Date: October 12th, 2020

  • Bugfix
    • WooCommerce CSS updates.

1.5.3

Release Date: October 14th, 2020

  • Bugfix
    • WooCommerce updates.

1.5.6

Release Date: December 4th, 2020

  • Update
    • Minor updates to code.

1.6

Release Date: December 7th, 2020

  • Update
    • Added sitemap generation.

1.6.1

Release Date: December 7th, 2020

  • Update
    • added htmlspecialchars() to url for sitemap.

1.6.2

Release Date: December 8th, 2020

  • Update
    • updated the date format in sitemap.

1.6.4

Release Date: December 9th, 2020

  • Update
    • Disabled sitemap generation on admin_init
    • Removed noindex, nofollow pages (Simple SEO) from sitemap
    • Added more translation features/options (more coming soon.)
    • Added action for transition_post_status to update sitemap, if sitemap generation is enabled.

1.6.5

Release Date: December 9th, 2020

  • Bugfix
    • Modified the transition_post_status

1.6.6

Release Date: Jan 1st, 2021

  • Update
    • Added some more translation capabiltiies
    • Added the abilty to import infor from All in One SEO and Rank Math. Enjoy!

1.6.7

Release Date: Jan 1st, 2021

  • Update
    • Corrected some typos.

1.6.8

Release Date: March 3rd, 2021

  • Update
    • Corrected some typos.

1.6.9

Release Date: July 19th, 2021

  • Update
    • WordPress 5.8.
    • Blog page title shows if using a static page
    • Some other minor fixes.
    • Added supportt for Google Analytic 4

1.7

Release Date: August 11th, 2021

  • Bugfix
    • Fixed homepage title bug for static page.
    • Fixed keywords being erased when using quickedit.

1.7.1

Release Date: October 19th, 2021

  • New Feature
    • Added canonical urls.

1.7.2

Release Date: Jan 20th, 2022

  • Bugfix
    • Taxonomy code updates and meta title fixes provides by Daniel Roth. Thanks Daniel!

1.7.3

Release Date: March 6th, 2022

  • Bugfix
    • Search title update. Thanks Daniel Roth!

1.7.4

Release Date: March 6th, 2022

  • Bugfix
    • og and twitter title update.

1.7.5

Release Date: March 14th, 2022

  • Bugfix
    • Category forwardslash issue fix. Thanks Daniel Roth!

1.7.7

Release Date: May 8th, 2022

  • Update for WP 6.0

1.7.8

Release Date: June 20th, 2022

  • Archive pages titles, descriptions, og data fixed!
  • Sitemaps fixed; for now it will only show pages and posts. Recommend using WordPress built in Sitemap as this sitemap feature will be removed in the future.

1.7.9

Release Date: July 10th, 2022

  • Updated sseoGetTitle() for archive pages.

1.7.91

Release Date: July 11th, 2022

  • Updated sseoGetTitle() for WooCommerce shop page.

1.7.96

Release Date: July 25th, 2022

  • Updates for WordPress compliance.

1.7.98

Release Date: July 26th, 2022

  • Update is_home_posts_page()

1.7.99

Release Date: August 18th, 2022

  • Update to FB/OG meta data.

1.8.0

Release Date: August 18th, 2022

  • Update to FB/OG meta data.

1.8.1

Release Date: Sept 4th, 2022

  • Updated default meta titles, descriptions and keywords.
  • More updates coming for default FB, Twitter, and erasing database information on uninstall.

1.8.12

Release Date: Sept 7th, 2022

  • Fixed meta description issue.

1.8.13

Release Date: October 14th, 2022

  • Removed Baidu.
  • Removed Sitemaps; WordPress has a built in Sitemap, no need for this functionality.

1.8.14

Release Date: October 26th, 2022

  • Preping for WordPress 6.1

1.8.15

Release Date: October 26th, 2022

  • Preping for WordPress 6.1
  • Added screenshots
  • Removed obsolete code functions

Related news

CVE-2022-36404: WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability - Patchstack

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907