All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic, cf9a6262a1b6cbbfceb42f683a61bda04835f180

CVE, Research URL: cf9a6262a1b6cbbfceb42f683a61bda04835f180
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Published on: May 31, 2014
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.2.5 All in One SEO <= 2.2.4.1 - Privilege Escalation to Arbitrary Post Modification The All in One SEO plugin for WordPress is vulnerable to Authenticated Privilege Escalation leading to Post Changes in versions up to, and including, 2.2.4.1. This is due to certain actions being available to low-privileged users. This makes it possible for Subscriber-level attackers to add or modify certain parameters used by the plugin. This includes the post’s SEO title, description and keyword meta tags. This could be used to decrease a site's Search Engine Results Page (SERP) ranking.
Affected versions: max 2.2.5.
Status: vulnerable