WordPress Plugin Vulnerabilities

All in One SEO Pack <= 2.2.6.1 - Cross-Site Scripting (XSS)

Description

The All in One SEO Pack WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
all-in-one-seo-pack
Fixed in 2.2.6.2

References

URL
https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
9c76c04d-3c4e-4a06-ab7e-054bc21c55fc

Timeline

Publicly Published
2015-04-20 (about 10 years ago)
Added
2015-04-20 (about 10 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2022-02-07
Title
White Label MS < 2.2.9 - Reflected Cross-Site Scripting
Published
2024-08-16
Title
WP ULike < 4.7.2.1 - Subscriber+ Stored-XSS
Published
2025-01-16
Title
CBX Accounting & Bookkeeping <= 1.3.14 - Reflected Cross-Site Scripting
Published
2025-12-27
Title
Bold Timeline Lite < 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-04-30
Title
TweetScroll Widget <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting