Cross-Site Scripting Vulnerability in All in One SEO Pack for WordPress
CVE-2013-5988

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: All In One Seo Pack
Vendor: CVE Published:; 11 February 2020

What is CVE-2013-5988?

The All in One SEO Pack plugin for WordPress is susceptible to a Cross-Site Scripting (XSS) attack due to improper handling of user-supplied data via the Search parameter. This vulnerability may allow an attacker to inject malicious scripts into the web application, potentially compromising the security of users interacting with the website.

References

https://packetstormsecurity.com/files/cve/CVE-2013-5988

x_refsource_MISC

https://www.securityfocus.com/archive/1/528962

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2020
Vulnerability Reserved
Oct 3, 2013

Wordpress

What is CVE-2013-5988?

References

CVSS V3.1

Timeline