7 matches found
EUVD-2022-51699
Malicious code in bioql PyPI...
CVE-2022-4097
The All-In-One Security AIOS WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features like IP blocks, rate limiting, brute force protection, and more...
AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plaintext
All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users' passwords to be added to the database in plaintext format. "A malicious site administrator i.e. a user already logge...
Code injection
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...
CVE-2023-0156
The CVE concerns All-In-One Security (AIOS) WordPress plugin before v5.1.5. The issue permits an authorized admin+ user to view arbitrary server files and list directories via the plugin’s settings page, by bypassing limits on which log files are displayed. The impact is disclosure of file conten...
Security feature bypass
The All-In-One Security AIOS WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address...
Design/Logic Flaw
The All-In-One Security AIOS WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features like IP blocks, rate limiting, brute force protection, and more...