WordPress Plugin Vulnerabilities

All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation

Description

The plugin is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites.

Affects Plugins

Plugin icon
all-in-one-seo-pack
Fixed in 4.1.5.3

References

CVE
CVE-2021-25036
URL
https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plugin-version-4-1-5-3/
URL
https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/app/Common/Api/Api.php

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.9 (critical)

Miscellaneous

Original Researcher
Marc Montpas (Jetpack Scan)
Submitter
Marc Montpas (Jetpack Scan)
Submitter website
https://jetpack.com/scan
Submitter twitter
marcS0H
Verified
Yes
WPVDB ID
6de4a7de-6b71-4349-8e52-04c89c5e6d6c

Timeline

Publicly Published
2021-12-14 (about 4 years ago)
Added
2021-12-14 (about 4 years ago)
Last Updated
2022-04-12 (about 3 years ago)

Other

Published
Title
Published
2014-08-01
Title
WordPress 2.9 - Failure to Restrict URL Access
Published
2025-02-06
Title
Nextend Social Login Pro < 3.1.17 - Authentication Bypass via Apple OAuth provider
Published
2025-04-09
Title
SureTriggers < 1.0.79 - Unauthenticated Admin User Creation
Published
2022-06-21
Title
OAuth 2.0 client for SSO < 1.11.4 - Authenticated Bypass
Published
2024-12-11
Title
OAuth Single Sign On – SSO (OAuth Client) < 6.26.4 - Authentication Bypass