VYPR

All-In-One Security (AIOS)

by WordPress

CVEs (2)

  • CVE-2023-0157MedApr 10, 2023
    risk 0.34cvss 4.8epss 0.32

    The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the…

  • CVE-2023-0156MedApr 10, 2023
    risk 0.33cvss 4.9epss 0.20

    The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has…