Stored Cross-Site Scripting Vulnerability in All in One SEO Pack for WordPress
CVE-2023-0585

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Vendor: CVE Published:; 24 February 2023

What is CVE-2023-0585?

The All in One SEO Pack for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping methods. This vulnerability allows authenticated attackers with Administrator privileges or higher to inject malicious scripts into web pages. These scripts are subsequently executed whenever a user visits the compromised page, posing a significant risk to site security and user trust.

Affected Version(s)

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic * <= 4.2.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/all-in-one-seo...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2023
Vulnerability Reserved
Jan 30, 2023

Credit

Marco Wotschka

Ivan Kuzymchak