PT-2024-25435 · WordPress · All In One Seo
Dmitrii Ignatyev · Published 2024-05-20 · Updated 2024-07-10 · CVE-2024-3368
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
All in One SEO WordPress plugin versions prior to 4.6.1.1
Description
The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the plugin not validating and escaping some of its Post fields before outputting them back. This could potentially lead to remote code execution.
Recommendations
For versions prior to 4.6.1.1, upgrade the affected plugin immediately to the latest version.
Exploit
Fix
XSS
Affected Products
All In One Seo