nystudio107/craft-seomatic
Packagist | 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting nystudio107/craft-seomatic
- CVE-2018-14716 | HIGH | CVSS 7.5 | ✓ Fixed in 3.1.4 | 2018-08-06
vulnerable: 3.0.0 ... 3.1.3 (52 versions)
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
- CVE-2020-12790 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.2.49 | 2020-05-11
vulnerable: 3.0.0 ... 3.2.9 (147 versions)
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.
- CVE-2020-9757 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.3.0 | 2020-03-04
vulnerable: 3.0.0 ... 3.2.9 (150 versions)
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
- CVE-2021-41749 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.4.11 | 2022-06-12
vulnerable: 3.0.0 ... 3.4.9 (210 versions)
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.
- CVE-2021-41750 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 3.4.11 | 2022-06-12
vulnerable: 3.0.0 ... 3.4.9 (210 versions)
A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the ba…
- CVE-2021-44618 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.4.12 | 2022-03-11
vulnerable: 3.0.0 ... 3.4.9 (211 versions)
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.