Unrated severityNVD Advisory· Published Oct 16, 2019· Updated Aug 5, 2024
CVE-2019-16520
CVE-2019-16520
Description
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/all-in-one-seo-pack plugindescription
- Range: <3.2.7
Patches
Vulnerability mechanics
References
6- www.openwall.com/lists/oss-security/2019/10/16/5mitremailing-listx_refsource_MLIST
- github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Packmitrex_refsource_MISC
- github.com/semperfiwebdesign/all-in-one-seo-pack/issues/2888mitrex_refsource_MISC
- semperplugins.com/all-in-one-seo-pack-changelog/mitrex_refsource_MISC
- wordpress.org/plugins/all-in-one-seo-pack/mitrex_refsource_MISC
- wpvulndb.com/vulnerabilities/9915mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.