Semperplugins: Security Vulnerabilities
An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-01-01
A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-11
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
CVSS Score
5.4
EPSS Score
0.018
Published
2019-10-16