Back to CVE Browser

CVE-2020-35946

MEDIUM

5.4

CVSS Severity Score

EPSS Score0.1960%

EPSS Percentile38.13th

PublishedJan 1, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.

Affected Platforms (CPE)

📦

Semperplugins

All In One Seo Pack

< 3.6.2

References & Advisories

🔗 https://wpscan.com/vulnerability/10320

🔗 https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerability-in-all-in-one-seo-pack/

🔗 https://wpscan.com/vulnerability/10320

🔗 https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerability-in-all-in-one-seo-pack/

Related Vulnerabilities

CVE-2013-59886.1

A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search pa...

CVE-2019-165205.4

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper e...

CVE-2015-09025.0

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during g...

CVE-2020-2627610.0

Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a vali...