All In One SEO Patches Multiple Stored XSS Vulnerabilities in Version 4.3.0 

Wordfence has published the details of two stored XSS vulnerabilities the company responsibly disclosed to the developers of the All In One SEO plugin in January 2023. The vulnerabilities potentially impacted more than 3 million users on versions 4.2.9 and earlier. One vulnerability, which received a 6.4 (Medium) CVSS score, Wordfence attributes to insufficient input sanitization and output escaping. Researchers found that this “makes it possible for authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.” The second vulnerability was given a 4.4 (Medium) CVSS 

Be sure to read the original article from WP Tavern here: Read More

Was this helpful?

Subscribe to the free Email Newsletter with exclusive content only for subscribers.

No SPAM promise! Unsubscribe any time.