CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-0902

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile15.61th
Published2015年4月3日
Last Modified2026年5月6日

Vulnerability Description

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.

Affected Platforms (CPE)

📦
Semperfiwebdesign

All In One Seo Pack

<= 2.2.5.1

References & Advisories

🔗 http://jvn.jp/en/jp/JVN75615300/index.html
🔗 http://jvndb.jvn.jp/jvndb/JVNDB-2015-000046
🔗 http://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/
🔗 http://jvn.jp/en/jp/JVN75615300/index.html
🔗 http://jvndb.jvn.jp/jvndb/JVNDB-2015-000046
🔗 http://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/

相關漏洞威脅

CVE-2013-59886.1

A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search pa...

CVE-2019-165205.4

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper e...

CVE-2020-359465.4

An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vul...

CVE-2015-098710.0

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password tra...