CyberSec.Space Logo
Back to CVE Browser

CVE-2020-35946

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.1960%
EPSS Percentile38.13th
PublishedJan 1, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.

Affected Platforms (CPE)

πŸ“¦
Semperplugins

All In One Seo Pack

< 3.6.2

References & Advisories

πŸ”— https://wpscan.com/vulnerability/10320
πŸ”— https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerability-in-all-in-one-seo-pack/
πŸ”— https://wpscan.com/vulnerability/10320
πŸ”— https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerability-in-all-in-one-seo-pack/

Related Vulnerabilities

CVE-2013-59886.1

A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search pa...

CVE-2019-165205.4

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper e...

CVE-2015-09025.0

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during g...

CVE-2020-161410.0

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, wh...