WordPress Plugin Vulnerabilities

All in One SEO Pack < 2.10 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The All in One SEO Pack WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
all-in-one-seo-pack
Fixed in 2.10

References

URL
https://www.ripstech.com/php-security-calendar-2018/#day-4
URL
https://wordpress.org/support/topic/a-critical-vulnerability-has-been-detected-in-this-plugin/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
16353d45-75d1-4820-b93f-daad90c322a8

Timeline

Publicly Published
2018-12-04 (about 7 years ago)
Added
2018-12-06 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2018-10-08
Title
WPML < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
Published
2022-05-17
Title
WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting
Published
2022-05-16
Title
Ask Me < 6.8.2 - Reflected Cross-Site Scripting
Published
2021-10-15
Title
YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Options Module
Published
2025-09-02
Title
Vayu Blocks < 1.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes