Security Flaw in Semper Fi All in One SEO Pack Plugin for WordPress
CVE-2015-0902

Currently unrated

Key Information:

Vendor: Wordpress
Status: All In One Seo Pack
Vendor: CVE Published:; 3 April 2015

Summary

The Semper Fi All in One SEO Pack plugin for WordPress prior to version 2.2.6 fails to account for password protection in the generation of the Meta Description field. This oversight permits remote attackers to access sensitive information by exploiting the generated HTML source code, potentially revealing details that should otherwise be protected.

References

http://jvn.jp/en/jp/JVN75615300/index.html

third-party-advisoryx_refsource_JVN

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000046

third-party-advisoryx_refsource_JVNDB

http://semperfiwebdesign.com/blog/all-in-one-seo-pack/all...

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 3, 2015
Vulnerability Reserved
Jan 8, 2015