73 matches found
CVE-2016-10887
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues...
CVE-2016-10888
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues...
EUVD-2022-47669
Malicious code in bioql PyPI...
EUVD-2022-36249
Malicious code in bioql PyPI...
CVE-2023-0157
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...
WordPress Plugin All-In-One Security Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2024-1037
The CVE-2024-1037 entry concerns All-In-One Security (AIOS) for WordPress, affecting versions up to 5.2.5. The vulnerability is a Reflected Cross-Site Scripting via the tab parameter caused by insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject web sc...
WordPress Plugin All-In-One Security Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-16223 · WordPress · All-In-One Security
Name of the Vulnerable Software and Affected Versions: All-In-One Security AIOS – Security and Firewall plugin for WordPress versions up to, and including, 5.2.5 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and...
CVE-2023-0156
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only...
Code injection
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only...
CVE-2023-0157 All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...
CVE-2023-0156 All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only...
WordPress plugin All-In-One Security Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-16045 · WordPress · All-In-One Security
Name of the Vulnerable Software and Affected Versions: All-In-One Security AIOS WordPress plugin versions prior to 5.1.5 Description: The issue allows an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server, to which the web server has access...
WordPress plugin All-In-One Security Path Traversal Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin of the WordPress Foundation. A path traversal vulnerability exists i...
PT-2023-16046 · WordPress · All-In-One Security
Name of the Vulnerable Software and Affected Versions: All-In-One Security AIOS WordPress plugin versions prior to 5.1.5 Description: The issue allows an authorized user with admin+ privileges to plant bogus log files containing malicious JavaScript code. This code will be executed in the context...
All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal
The plugin does not limit what log files to display in its settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only displays the last 50 lines of the file. PoC POST...
CVE-2022-4346
The CVE-2022-4346 issue affects the All-In-One Security (AIOS) WordPress plugin (versions prior to 5.1.3). The underlying problem is an information disclosure: plugin settings, including the email address, were leaked publicly. Public references and security feeds document an exposure vector tied...