CyberSec.Space Logo
Back to CVE Browser

CVE-2015-0902

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile15.61th
PublishedApr 3, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.

Affected Platforms (CPE)

πŸ“¦
Semperfiwebdesign

All In One Seo Pack

<= 2.2.5.1

References & Advisories

πŸ”— http://jvn.jp/en/jp/JVN75615300/index.html
πŸ”— http://jvndb.jvn.jp/jvndb/JVNDB-2015-000046
πŸ”— http://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/
πŸ”— http://jvn.jp/en/jp/JVN75615300/index.html
πŸ”— http://jvndb.jvn.jp/jvndb/JVNDB-2015-000046
πŸ”— http://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/

Related Vulnerabilities

CVE-2013-59886.1

A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search pa...

CVE-2019-165205.4

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper e...

CVE-2020-359465.4

An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vul...

CVE-2015-033810.0

Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11...