virus logo Intrusion Prevention

WordPress.All-in-One.SEO.Pack.Plugin.XSS

description-logoDescription

This indicates the detection of an attack attempt against a Cross-Site Scripting (XSS) vulnerability in WordPress All-in-One SEO Pack plugin.
The vulnerability is due to insufficient sanitization of config file imports in WordPress All-in-One SEO Pack plugin. A remote attacker maybe able to exploit this to execute arbitrary script code within the context of the application.

affected-products-logoAffected Products

Version 2.3.4 and earlier.

Impact logoImpact

System Compromise : Remote attackers can execute arbitrary script code in the context of the affected site.

recomended-action-logoRecommended Actions

Upgrade to the latest version available from the website.
Refer to https://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 42375
Created May 06, 2016
Updated May 02, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows, Linux
Affected App PHP_app