All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic, 3ba807ccfacfcb7a0533e3c9d7970536d7380445

CVE, Research URL: 3ba807ccfacfcb7a0533e3c9d7970536d7380445
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Published on: Oct 18, 2018
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.10 All in One SEO <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting The All in One SEO plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including 2.9.1.1, via post meta values. This makes it possible for attackers with Contributor level permissions and above to inject arbitrary web scripts in administrative pages that execute whenever a user accesses the page with the stored web scripts.
Affected versions: max 2.10.
Status: vulnerable