A stored cross-site scripting (XSS) vulnerability in the SEOPress WordPress plugin could allow attackers to inject arbitrary web scripts into websites. The bug would allow a number of malicious actions, up to and including full site takeover. The plugin is installed on more than 100,000 sites. To protect their websites, users should upgrade to version 5.0.4 of the plugin, Wordfence researchers said. The vulnerability could easily be used by an attacker to take over a WordPress site.”]
Source: https://threatpost.com/xss-bug-seopress-wordpress-plugin/168702/