The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).
References
Link | Resource |
---|---|
https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plugin-version-4-1-5-3/ | Exploit Third Party Advisory |
https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/app/Common/Api/PostsTerms.php | Patch Vendor Advisory |
https://wpscan.com/vulnerability/4cd2a57b-3e1a-4acf-aecb-201ed9f4ee6d | Exploit Vendor Advisory |
https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plugin-version-4-1-5-3/ | Exploit Third Party Advisory |
https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/app/Common/Api/PostsTerms.php | Patch Vendor Advisory |
https://wpscan.com/vulnerability/4cd2a57b-3e1a-4acf-aecb-201ed9f4ee6d | Exploit Vendor Advisory |
Configurations
History
21 Nov 2024, 05:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plugin-version-4-1-5-3/ - Exploit, Third Party Advisory | |
References | () https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/app/Common/Api/PostsTerms.php - Patch, Vendor Advisory | |
References | () https://wpscan.com/vulnerability/4cd2a57b-3e1a-4acf-aecb-201ed9f4ee6d - Exploit, Vendor Advisory |
Information
Published : 2022-01-17 13:15
Updated : 2024-11-21 05:54
NVD link : CVE-2021-25037
Mitre link : CVE-2021-25037
CVE.ORG link : CVE-2021-25037
JSON object : View
Products Affected
aioseo
- all_in_one_seo
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')