Sentence To SEO (keywords, description and tags) <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Permanent keywords' Field
Summary
| CVE | CVE-2026-4142 |
|---|---|
| State | PUBLISHED |
| Assigner | Wordfence |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-22 09:16:25 UTC |
| Updated | 2026-04-22 09:16:25 UTC |
| Description | The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Permanent keywords' field in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin reads user input via filter_input_array(INPUT_POST) which applies no HTML sanitization (FILTER_DEFAULT), stores it unsanitized to the WordPress options table via update_option(), and then outputs the stored value directly into a textarea element without any escaping using PHP short echo tags (<?= ?>). An attacker can break out of the textarea element using a closing </textarea> tag and inject arbitrary HTML/JavaScript. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the plugin's settings page. |
Risk And Classification
Primary CVSS: v3.1 4.4 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Problem Types: CWE-79 | CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 4.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
| 3.1 | CNA | DECLARED | 4.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
HighUser Interaction
NoneScope
ChangedConfidentiality
LowIntegrity
LowAvailability
NoneCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Eazyserver | Sentence To SEO Keywords Description And Tags | affected 1.0 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php | [email protected] | plugins.trac.wordpress.org | |
| www.wordfence.com/threat-intel/vulnerabilities/id/7d11b2db-d097-433f-923c-f49ef... | [email protected] | www.wordfence.com | |
| plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php | [email protected] | plugins.trac.wordpress.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Muhammad Nur Ibnu Hubab (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2026-04-21T19:05:43.000Z | Disclosed |
There are currently no legacy QID mappings associated with this CVE.