CVE-2023-0585

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L624	Release Notes
https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L625	Release Notes
https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L665	Release Notes
https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L666	Release Notes
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2859011%40all-in-one-seo-pack%2Ftrunk&old=2847431%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail=	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/3db97180-9308-4891-9de9-acefe31d088f	Release Notes Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:aioseo:all_in_one_seo:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2023-02-24 15:15

Updated : 2023-11-07 04:00

NVD link : CVE-2023-0585

Mitre link : CVE-2023-0585

CVE.ORG link : CVE-2023-0585

JSON object : View

Products Affected

aioseo

all_in_one_seo

CWE

No CWE.

{"id": "CVE-2023-0585", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}, {"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.3}]}, "published": "2023-02-24T15:15:12.600", "references": [{"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L624", "tags": ["Release Notes"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L625", "tags": ["Release Notes"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L665", "tags": ["Release Notes"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L666", "tags": ["Release Notes"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2859011%40all-in-one-seo-pack%2Ftrunk&old=2847431%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3db97180-9308-4891-9de9-acefe31d088f", "tags": ["Release Notes", "Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "lastModified": "2023-11-07T04:00:53.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aioseo:all_in_one_seo:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "71A6AA9C-0FBE-443E-8615-5414B604E473", "versionEndIncluding": "4.2.9"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}