All in One SEO Pack <= 2.2.5.1 - Information Disclosure



Description
The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.

Affects Plugin

fixed in version 2.2.6

References

CVE 2015-0902
URL http://jvn.jp/en/jp/JVN75615300/index.html
URL http://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Submitter ethicalhack3r
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 7155
Verified No
WPVDB ID 7881

Timeline

Publicly Published 2015-03-31
Added 2015-04-03
Last Updated 2019-10-21
