MEDIUM✓ PATCH🇬🇧 English

CVE-2023-0586

CVSS 6.4v3.1pub. 2023-02-24upd. 2026-04-08

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
  • Aioseo All In One Seo

    APP
    Aioseo
    ≤ 4.2.9
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2021-25036HIGH8.8ten sam produkt

The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was disc...

CVE-2021-24307HIGH8.8ten sam produkt

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authe...

CVE-2025-2892MEDIUM6.4ten sam produkt

The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vuln...

CVE-2024-3368MEDIUM6.1ten sam produkt

The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields befor...

CVE-2024-3554MEDIUM6.4ten sam produkt

The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for Wor...