Lucene search
Dmtirii IgnatyevWPEX-ID:AB78B1A5-E28C-406B-BAAF-6D53017F9328HistoryApr 29, 2024 - 12:00 a.m.
All in One SEO < 4.6.1.1 - Contributor+ Stored XSS
2024-04-2900:00:00
Dmtirii Ignatyev
72
all in one seo
contributor+
stored xss
vulnerability
exploit
update
poc
may 13 2024
Description The plugin does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
As a contributor, create a post and put the following payload in the "Meta Description" field: <img src=x onerror=alert(/XSS/)>
Save the post (as a draft or submit for review), the XSS will be triggered when any user (like an admin) edit the post againReferences
Related
nvd
nvd
CVE-2024-3368
2024-05-20 06:15:08
vulnrichment
vulnrichment
CVE-2024-3368 All in One SEO < 4.6.1.1 - Contributor+ Stored XSS
2024-05-20 06:00:01
cve
cve
CVE-2024-3368
2024-05-20 06:15:08
cvelist
cvelist
CVE-2024-3368 All in One SEO < 4.6.1.1 - Contributor+ Stored XSS
2024-05-20 06:00:01
wpvulndb
wpvulndb
All in One SEO < 4.6.1.1 - Contributor+ Stored XSS
2024-04-29 00:00:00
wordfence
wordfence
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:AB78B1A5-E28C-406B-BAAF-6D53017F9328