VYPR

Vendor CVEs

Seopanel

All CVEs

23 total · sorted by risk
  • CVE-2017-10839HigAug 29, 2017
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-10838MedAug 29, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2021-47872HigJan 21, 2026
    risk 0.39cvss 7.1epss 0.00

    SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database…

  • CVE-2021-28420Mar 18, 2021
    risk 0.03cvss epss 0.02

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.

  • CVE-2021-28419Mar 18, 2021
    risk 0.03cvss epss 0.11

    The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.

  • CVE-2021-28418Mar 18, 2021
    risk 0.03cvss epss 0.02

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.

  • CVE-2021-28417Mar 18, 2021
    risk 0.03cvss epss 0.02

    A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.

  • CVE-2010-4331Jan 20, 2011
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b)…

  • CVE-2021-3002Jan 1, 2021
    risk 0.01cvss epss 0.04

    Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.

  • CVE-2025-29452Apr 17, 2025
    risk 0.00cvss epss 0.00

    An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component.

  • CVE-2025-29451Apr 17, 2025
    risk 0.00cvss epss 0.00

    An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.

  • CVE-2024-22646Jan 30, 2024
    risk 0.00cvss epss 0.01

    An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.

  • CVE-2024-22643Jan 30, 2024
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.

  • CVE-2024-22647Jan 30, 2024
    risk 0.00cvss epss 0.01

    An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.

  • CVE-2021-34117Feb 15, 2023
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.

  • CVE-2021-39413Nov 5, 2021
    risk 0.00cvss epss 0.01

    Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php,…

  • CVE-2020-27461Aug 20, 2021
    risk 0.00cvss epss 0.04

    A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function.

  • CVE-2021-29010Mar 25, 2021
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter.

  • CVE-2021-29009Mar 25, 2021
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter.

  • CVE-2020-35930Dec 31, 2020
    risk 0.00cvss epss 0.01

    Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.

  • CVE-2018-14384Mar 2, 2020
    risk 0.00cvss epss 0.01

    The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter.

  • CVE-2014-100024Jan 13, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-1855May 20, 2014
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php.