WordPress.All-in-One.SEO.Pack.Plugin.XSS
Description
This indicates the detection of an attack attempt against a Cross-Site Scripting (XSS) vulnerability in WordPress All-in-One SEO Pack plugin.
The vulnerability is due to insufficient sanitization of config file imports in WordPress All-in-One SEO Pack plugin. A remote attacker maybe able to exploit this to execute arbitrary script code within the context of the application.
Affected Products
Version 2.3.4 and earlier.
Impact
System Compromise : Remote attackers can execute arbitrary script code in the context of the affected site.
Recommended Actions
Upgrade to the latest version available from the website.
Refer to https://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |