返回 CVE 浏览器

CVE-2020-35946

MEDIUM

5.4

CVSS Severity Score

EPSS Score0.1960%

EPSS Percentile38.13th

Published2021年1月1日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.

Affected Platforms (CPE)

📦

Semperplugins

All In One Seo Pack

< 3.6.2

References & Advisories

🔗 https://wpscan.com/vulnerability/10320

🔗 https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerability-in-all-in-one-seo-pack/

🔗 https://wpscan.com/vulnerability/10320

🔗 https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerability-in-all-in-one-seo-pack/

相关漏洞威胁

CVE-2013-59886.1

A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search pa...

CVE-2019-165205.4

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper e...

CVE-2015-09025.0

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during g...

CVE-2020-079610.0

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles cer...