WordPress Plugin Vulnerabilities

All In One SEO Pack < 3.2.7 - Stored Cross-Site Scripting (XSS)

Description

The All in One SEO Pack WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
all-in-one-seo-pack
Fixed in 3.2.7

References

CVE
CVE-2019-16520
URL
https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Tobias Fink (SBA Research)
Verified
No
WPVDB ID
868dccee-089b-43d2-a80a-6cadba91f770

Timeline

Publicly Published
2019-10-16 (about 6 years ago)
Added
2019-10-16 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-10-17
Title
Social Share With Floating Bar <= 1.0.3 - Reflected Cross-Site Scripting
Published
2025-05-02
Title
Xavin's Review Ratings <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-03-24
Title
AvaiBook <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-06-12
Title
IRM Newsroom < 1.2.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode
Published
2021-03-17
Title
Elementor < 3.1.4 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget