Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2020-35946

Disclosure Date: January 01, 2021 (last updated February 22, 2025)
An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2013-5988

Disclosure Date: February 11, 2020 (last updated February 21, 2025)
A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-16520

Disclosure Date: October 16, 2019 (last updated November 27, 2024)
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0