WordPress All in One SEO plugin < 4.6.1.1 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmtirii Ignatyev in WordPress Plugin All In One SEO Pack versions 4.6.1.1...

CVE-2019-16520

The all-in-one-seo-pack plugin before 3.2.7 for WordPress aka All in One SEO Pack is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement...

CVE-2025-67950

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through = 4.9.1...

EUVD-2020-23529

Malware in sbrugna...

EUVD-2013-5818

Malware in sbrugna...

EUVD-2023-12625

Malicious code in bioql PyPI...

EUVD-2023-12626

Malicious code in bioql PyPI...

CVE-2023-0585

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above...

WordPress All in One SEO Pack plugin <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability discovered by Ivan Kuzymchak in WordPress Plugin All In One SEO Pack versions = 4.8.1.1...

CVE-2025-2892 All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL

The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and...

WordPress All In One SEO Pack Plugin <= 4.6.0 is vulnerable to Cross Site Scripting (XSS)

Software All In One SEO Pack Type Plugin Vulnerable versions = 4.6.0 Fixed in 4.6.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3554 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID afa993c33fdc Credits Krzysztof Zając...

WordPress All in One SEO Pack Plugin < 4.3.0 Multiple XSS Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aioseo:allinoneseo"; if description...

WordPress All In One SEO Pack 4.2.9 Cross Site Scripting Vulnerability

Affected Plugin: All In One SEO Pack Plugin Slug: all-in-one-seo-pack Affected Versions: = 4.2.9 CVE ID: CVE-2023-0586 CVSS Score: 6.4 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Researcher/s: Ivan Kuzymchak Fully Patched Version: 4.3.0 The All in One SEO Pack plugin for...

WordPress All In One SEO Pack Plugin <= 4.2.9 is vulnerable to Cross Site Scripting (XSS)

Software All In One SEO Pack Type Plugin Vulnerable versions = 4.2.9 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0586 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5d5ff254df57 Credits Ivan Kuzymchak...

WordPress All In One SEO Pack Plugin <= 4.2.9 is vulnerable to Cross Site Scripting (XSS)

Software All In One SEO Pack Type Plugin Vulnerable versions = 4.2.9 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0585 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 21a22db087a8 Credits WordFence Required...

CVE-2023-0585

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above...

CVE-2023-0586

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject...

CVE-2023-0586

CVE-2023-0586 affects the WordPress All in One SEO Pack plugin up to version 4.2.9. The root cause is insufficient input sanitization and output escaping in multiple parameters, enabling stored XSS for authenticated users with Contributor+ role. Impact stated: injected scripts run when users view...

CVE-2023-0586 All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject...

CVE-2023-0585

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above...