All in One SEO Pack <= 2.3.7 - Unauthenticated Stored Cross-Site Scripting (XSS)

Affects Plugin

all-in-one-seo-pack

fixed in version 2.3.8

References

URL	https://www.wordfence.com/blog/2016/07/new-xss-vulnerability-all-in-one-seo-pack/
URL	https://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/

Classification

Type	XSS
OWASP Top 10	A7: Cross-Site Scripting (XSS)
CWE	CWE-79

Miscellaneous

Submitter	ethicalhack3r
Submitter Website	https://dewhurstsecurity.com/
Submitter Twitter	ethicalhack3r
Views	5475
Verified	No
WPVDB ID	8558

Timeline

Publicly Published	2016-07-13 (over 3 years ago)
Added	2016-07-19 (about 3 years ago)
Last Updated	2016-07-19 (about 3 years ago)

Our Other Services

Online WordPress Vulnerability Scanner

WPScan WordPress Security Plugin