Aggregates CVE and security vulnerability intelligence across all seopanel-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk sql injection, vendor risk ssrf, and vendor risk csrf and related problems; some flaws may lead to vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-29452 | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. | [email protected] | 7.6 | 0.97% | 2025-04-17 | 2025-04-23 |
| CVE-2025-29451 | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component. | [email protected] | 7.6 | 0.93% | 2025-04-17 | 2025-04-23 |
| CVE-2024-22648 | A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. | [email protected] | 5.3 | 0.14% | 2024-01-30 | 2025-06-20 |
| CVE-2024-22647 | An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | [email protected] | 5.3 | 0.17% | 2024-01-30 | 2025-05-29 |
| CVE-2024-22646 | An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. | [email protected] | 5.3 | 0.35% | 2024-01-30 | 2025-06-04 |
| CVE-2024-22643 | A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. | [email protected] | 6.5 | 0.11% | 2024-01-30 | 2025-05-30 |
| CVE-2021-34117 | SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. | [email protected] | 7.5 | 2.31% | 2023-02-15 | 2025-03-20 |
| CVE-2021-39413 | Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) | [email protected] | 6.1 | 0.22% | 2021-11-05 | 2024-11-21 |
| CVE-2020-27461 | A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function. | [email protected] | 8.8 | 5.67% | 2021-08-20 | 2024-11-21 |
| CVE-2021-29010 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter. | [email protected] | 4.8 | 0.18% | 2021-03-25 | 2024-11-21 |
| CVE-2021-29009 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter. | [email protected] | 4.8 | 0.18% | 2021-03-25 | 2024-11-21 |
| CVE-2021-29008 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter. | [email protected] | 4.8 | 0.18% | 2021-03-25 | 2024-11-21 |
| CVE-2021-28420 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | [email protected] | 4.8 | 0.21% | 2021-03-18 | 2024-11-21 |
| CVE-2021-28419 | The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | [email protected] | 7.2 | 1.00% | 2021-03-18 | 2024-11-21 |
| CVE-2021-28418 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | [email protected] | 4.8 | 0.21% | 2021-03-18 | 2024-11-21 |
| CVE-2021-28417 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | [email protected] | 4.8 | 0.21% | 2021-03-18 | 2024-11-21 |
| CVE-2021-3002 | Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. | [email protected] | 6.1 | 12.71% | 2021-01-01 | 2024-11-21 |
| CVE-2020-35930 | Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | [email protected] | 5.4 | 0.39% | 2020-12-31 | 2024-11-21 |
| CVE-2018-14384 | The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter. | [email protected] | 4.8 | 0.17% | 2020-03-02 | 2024-11-21 |
| CVE-2017-10839 | SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | [email protected] | 8.8 | 0.23% | 2017-08-29 | 2026-05-13 |