Vulnerability Details CVE-2019-16520
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://www.openwall.com/lists/oss-security/2019/10/16/5
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack
- https://github.com/semperfiwebdesign/all-in-one-seo-pack/issues/2888
- https://semperplugins.com/all-in-one-seo-pack-changelog/
- https://wordpress.org/plugins/all-in-one-seo-pack/#developers
- https://wpvulndb.com/vulnerabilities/9915
- http://www.openwall.com/lists/oss-security/2019/10/16/5
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack
- https://github.com/semperfiwebdesign/all-in-one-seo-pack/issues/2888
- https://semperplugins.com/all-in-one-seo-pack-changelog/
- https://wordpress.org/plugins/all-in-one-seo-pack/#developers
- https://wpvulndb.com/vulnerabilities/9915
Products affected by CVE-2019-16520
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:-
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.6.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.6.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.6.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.6.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.6.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.6.9
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.7.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.7.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.7.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.7.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.7.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.7.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.7.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.7.9
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.8.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.8.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.8.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.8.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.8.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.8.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.8.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.3.8.9
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.3.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.3.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.3.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.3.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.3.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.3.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.3.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.3.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.3.9
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.5.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.5.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.5.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.5.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.5.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.5.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.5.9
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.10
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.11
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.12
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.13
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.15
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.16
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.6.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.7.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.7.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.7.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.7.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.9
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.4.91
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.5.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.5.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.5.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.5.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.5.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.5.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.5.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.10
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.10.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.10.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.10.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.11
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.11.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.12
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.12.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.12.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.13
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.13.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.13.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.13.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.13.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.13.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.13.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.13.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.13.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.14
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.14.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.14.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.14.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.14.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.14.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.14.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.15
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.15.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.15.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.4.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.6.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.6.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.8.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.8.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:1.6.9
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.0
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.0.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.0.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.0.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.0.3.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.1.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.1.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.1.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.1.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.1.4.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.10
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.10.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.10.1.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.11
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.11.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.12
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.13
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.13.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.2.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.2.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.2.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.2.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.2.4.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.2.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.2.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.4.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.5.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.6.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.6.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.7.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.7.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.3.7.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.10.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.10.2.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.11
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.11.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.11.1.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.11.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.11.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.11.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.12
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.12.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.12.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.12.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.12.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.13
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.13.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.14
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.14.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.14.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.15
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.15.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.15.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.15.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.15.3.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.16
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.3.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.3.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.4.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.4.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.4.2.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.5.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.6.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.7
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.8
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.9
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.4.9.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.5.1.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.5.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.5.2.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.5.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.5.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.5.4.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.5.5.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.5.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.5.6.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.6
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.7.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.8.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.8.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:2.9
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.0
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.0.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.0.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.0.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.0.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.1.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.2.1
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.2.2
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.2.3
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.2.4
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.2.5
-
cpe:2.3:a:semperplugins:all_in_one_seo_pack:3.2.6