Two vulnerabilities impacting three million sites have recently been patched in All In One SEO Pack WordPress plugin. The said vulnerabilities were responsibly disclosed by the Wordfence Team on January 26, 2023. All In One SEO Pack provides search engine optimization tools designed to help content creators optimize their sites and reach more users via search engine and social channels.
The disclosed vulnerabilities center around stored cross-site scripting with users of all versions of Wordfence plugin being fully protected against this vulnerability by a custom Firewall rule.
The All In One SEO Pack vulnerabilities are as follows:
Authenticated (Administrator+) Stored Cross-Site Scripting (CVE-2023-0585): The All in One SEO Pack plugin for WordPress is vulnerable to the stored cross-site scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator-level access or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Authenticated (Contributor+) Stored Cross-Site Scripting (CVE-2023-0586): The All in One SEO Pack plugin for WordPress is vulnerable to the stored cross-site scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The vulnerable versions of this WordPress plugin fail to escape submitted site titles, meta descriptions and other elements during post and page creation, and when changing plugin settings. This allows users such as contributors with access to the post editor to insert malicious JavaScript into those fields. This in turn would execute in the browser of any authenticated user, such as a site’s administrator, editing a post or page.
For more details about the two vulnerabilities impacting three million sites with All In One SEO Pack WordPress plugin installed including illustrations please visit the public disclosure place here.
Found this article interesting? Follow Brightwhiz on Facebook, Twitter, and YouTube to read and watch more content we post.