Description Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. Remediation References CVE-2021-3002 Related Vulnerabilities WordPress Plugin Ninja Announcements Lite 'ninja_annc.php' SQL Injection (1.2.3) PHP Address Book Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2903) OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3512) WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Privilege Escalation (3.7.1.4) WordPress Plugin Powerhouse Museum Collection Image Grid 'tbpv_username' Parameter Cross-Site Scripting (0.9.1.1) Severity Medium Classification CVE-2021-3002 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Tags Missing Update Known Vulnerabilities