Security Flaw in Semper Fi All in One SEO Pack Plugin for WordPress
CVE-2015-0902

Currently unrated

Key Information:

Vendor: Wordpress
Status: All In One Seo Pack
Vendor: CVE Published:; 3 April 2015

What is CVE-2015-0902?

The Semper Fi All in One SEO Pack plugin for WordPress prior to version 2.2.6 fails to account for password protection in the generation of the Meta Description field. This oversight permits remote attackers to access sensitive information by exploiting the generated HTML source code, potentially revealing details that should otherwise be protected.

References

http://jvn.jp/en/jp/JVN75615300/index.html

third-party-advisoryx_refsource_JVN

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000046

third-party-advisoryx_refsource_JVNDB

http://semperfiwebdesign.com/blog/all-in-one-seo-pack/all...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2015
Vulnerability Reserved
Jan 8, 2015

Wordpress

What is CVE-2015-0902?

References

Timeline