Xagio SEO WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A sensitive information exposure vulnerability has been identified in the Xagio SEO plugin for WordPress, affecting all versions up to and including 7.1.0.5. The issue lies in the plugin's backup functionality, which lacks proper filename structure and directory protection for the backups it creates. As a result, unauthenticated attackers can access sensitive data from backups, potentially including the entire database and site files.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including database contents and site files.

Reproduction

The vulnerability can be reproduced by accessing the backup files created by the Xagio SEO plugin. These files can be retrieved from unprotected directories, as the plugin does not adequately secure backup locations or file names, allowing for unauthorized access.

Remediation

Users are advised to update the Xagio SEO plugin to version 7.1.0.6 or later.
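
The following is an added example, not code from the plugin or from this advisory: a Python check a site owner can run on their own server to confirm that the installed version is at least 7.1.0.6 and to list backup-like files sitting in directories without a deny rule. The file extensions, the .htaccess heuristic and the sample directory names are assumptions, since the advisory does not give the plugin's backup path.

```python
import os
import re
import tempfile

FIXED = (7, 1, 0, 6)  # first fixed release named in the advisory
BACKUP_EXT = (".zip", ".sql", ".gz", ".tar", ".bak")  # assumed backup file types
DENY = re.compile(r"require\s+all\s+denied|deny\s+from\s+all", re.I)

def parse_version(header_text):
    """Return the plugin header 'Version:' field as a tuple of ints, or None."""
    m = re.search(r"^[ \t*#/]*Version:[ \t]*(\d+(?:\.\d+)*)", header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """True for every release through 7.1.0.5, i.e. anything below FIXED."""
    padded = tuple(version) + (0,) * (len(FIXED) - len(version))
    return padded < FIXED

def audit_backup_dir(path):
    """Yield (file, guarded) pairs; heuristic for Apache only, nginx ignores .htaccess."""
    for root, _dirs, files in os.walk(path):
        guarded = False
        if ".htaccess" in files:
            with open(os.path.join(root, ".htaccess"), errors="replace") as fh:
                guarded = bool(DENY.search(fh.read()))
        for name in sorted(files):
            if name.lower().endswith(BACKUP_EXT):
                yield os.path.join(root, name), guarded

def demo():
    """Run both checks on a constructed tree (hypothetical names, not real plugin paths)."""
    with tempfile.TemporaryDirectory() as base:
        open_dir = os.path.join(base, "backups-open")
        safe_dir = os.path.join(base, "backups-guarded")
        for d in (open_dir, safe_dir):
            os.makedirs(d)
            with open(os.path.join(d, "site-backup.zip"), "wb") as fh:
                fh.write(b"constructed sample")
        with open(os.path.join(safe_dir, ".htaccess"), "w") as fh:
            fh.write("Require all denied\n")
        header = "<?php\n/**\n * Plugin Name: Example\n * Version: 7.1.0.5\n */\n"
        exposed = [os.path.basename(os.path.dirname(f))
                   for f, guarded in audit_backup_dir(base) if not guarded]
        return is_affected(parse_version(header)), exposed

if __name__ == "__main__":
    print(demo())
```

On a real site, pass the contents of the plugin's main PHP file to `parse_version` and the directory where backups are stored to `audit_backup_dir`; any file reported as unguarded should be moved outside the web root or deleted after updating.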

Added: Aug 28, 2025, 6:20 AM
Updated: Aug 28, 2025, 6:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.