The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.
5.3CVSS
5.3AI Score
0.001EPSS
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin onl...
4.9CVSS
5AI Score
0.001EPSS
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any adminis...
4.8CVSS
5.4AI Score
0.001EPSS