CyberSec.Space Logo
Back to CVE Browser

CVE-2019-16520

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile40.76th
PublishedOct 16, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.

Affected Platforms (CPE)

πŸ“¦
Semperplugins

All In One Seo Pack

< 3.2.7

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2019/10/16/5
πŸ”— https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack
πŸ”— https://github.com/semperfiwebdesign/all-in-one-seo-pack/issues/2888
πŸ”— https://semperplugins.com/all-in-one-seo-pack-changelog/
πŸ”— https://wordpress.org/plugins/all-in-one-seo-pack/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9915
πŸ”— http://www.openwall.com/lists/oss-security/2019/10/16/5
πŸ”— https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack

Related Vulnerabilities

CVE-2013-59886.1

A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search pa...

CVE-2020-359465.4

An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vul...

CVE-2015-09025.0

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during g...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.