Unrated severityNVD Advisory· Published Jan 17, 2022· Updated Aug 3, 2024
All In One SEO < 4.1.5.3 - Authenticated SQL Injection
CVE-2021-25037
Description
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <4.1.5.3
Patches
Vulnerability mechanics
References
3- jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plugin-version-4-1-5-3/mitrex_refsource_MISC
- plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/app/Common/Api/PostsTerms.phpmitrex_refsource_CONFIRM
- wpscan.com/vulnerability/4cd2a57b-3e1a-4acf-aecb-201ed9f4ee6dmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.