Current Description
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is vulnerable to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
Source:
MITRE
Impact
CVSS v3.1 Severity and Metrics:
Base Score:
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.3
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2.0 Severity and Metrics:
Base Score:
Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 6.8
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional Information:
Victim must voluntarily interact with the attack mechanism
Allows unauthorized modification
Technical Details
Vulnerability Type
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Known Affected Software Configurations
Configuration 1
cpe:2.3:a:semperplugins:all_in_one_seo_pack:*:*:*:*:*:wordpress:*:*
Up to (excluding) 3.2.7
Change History
2 change records found.