All In One SEO Pack < 3.2.7 - Stored Cross-Site Scripting (XSS)

Affects Plugin

fixed in version 3.2.7

References

CVE 2019-16520
URL https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Tobias Fink (SBA Research)
Views 4343
Verified No
WPVDB ID 9915

Timeline

Publicly Published 2019-10-16 (about 1 month ago)
Added 2019-10-16 (about 1 month ago)
Last Updated 2019-10-17 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin