Japan Vulnerability NotesJVN:75615300JVN#75615300: All in One SEO Pack information management vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
70.3%
All in One SEO Pack is a WordPress plugin. All in One SEO Pack automatically adds a meta tag (“Meta Description”) to a page using some part of its contents, and this behavior is enabled in the initial configuration. Meta Description can be added even when a page is password-protected, therefore some part of its contents are not protected.
Impact
Some part of the contents are disclosed even when the contents are password-protected.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Apply a workaround
The following workaround may mitigate the affects of this vulnerability.
- Disable “Autogenerate Descriptions” in the settings screen
Products Affected
- All in One SEO Pack Version 2.2.5.1 and earlier
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
70.3%