{"id":13039,"date":"2023-02-27T20:43:01","date_gmt":"2023-02-28T01:43:01","guid":{"rendered":"http:\/\/local.brightwhiz\/?p=13039"},"modified":"2023-02-27T20:43:05","modified_gmt":"2023-02-28T01:43:05","slug":"all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites","status":"publish","type":"post","link":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/","title":{"rendered":"All In One SEO Pack Vulnerabilities Impacted 3 Million Sites"},"content":{"rendered":"\n

Two vulnerabilities impacting three million sites have recently been patched in the All In One SEO Pack WordPress plugin. The vulnerabilities were responsibly disclosed by the Wordfence Team on January 26, 2023. All In One SEO Pack provides search engine optimization tools designed to help content creators optimize their sites and reach more users via search engines and social channels.<\/p>\n\n\n\n

The disclosed vulnerabilities center on stored cross-site scripting. Users of all versions of the Wordfence plugin are fully protected against this vulnerability by a custom firewall rule.<\/p>\n\n\n\n

The All In One SEO Pack vulnerabilities are as follows:<\/p>\n\n\n\n

Authenticated (Administrator+) Stored Cross-Site Scripting (CVE-2023-0585): The All in One SEO Pack plugin for WordPress is vulnerable to stored cross-site scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator-level access or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.<\/p>\n\n\n\n

Authenticated (Contributor+) Stored Cross-Site Scripting (CVE-2023-0586): The All in One SEO Pack plugin for WordPress is vulnerable to stored cross-site scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.<\/p>\n\n\n\n

The vulnerable versions of this WordPress plugin fail to escape submitted site titles, meta descriptions and other elements during post and page creation, and when changing plugin settings. This allows users such as contributors with access to the post editor to insert malicious JavaScript into those fields. That script would in turn execute in the browser of any authenticated user, such as a site’s administrator, editing a post or page.<\/p>\n\n\n\n

For more details about the two vulnerabilities impacting three million sites with the All In One SEO Pack WordPress plugin installed, including illustrations, please visit the public disclosure page here.<\/p>\n","protected":false},"excerpt":{"rendered":"

Two vulnerabilities impacting three million sites have recently been patched in All In One SEO Pack WordPress plugin. The said vulnerabilities were responsibly disclosed by the Wordfence Team on January…<\/p>\n","protected":false},"author":1,"featured_media":13040,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,13,16,18],"tags":[328,350,424,433,452,526,530,591,635,636,638,1263,651],"yoast_head":"\nAll In One SEO Pack Vulnerabilities Impacted 3 Million Sites<\/title>\n<meta name=\"description\" content=\"Two vulnerabilities impacting three million sites have recently been patched in All In One SEO Pack WordPress plugin\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"All In One SEO Pack Vulnerabilities Impacted 3 Million Sites\" \/>\n<meta property=\"og:description\" content=\"Two vulnerabilities impacting three million sites have recently been patched in All In One SEO Pack WordPress plugin\" \/>\n<meta property=\"og:url\" content=\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/\" \/>\n<meta property=\"og:site_name\" content=\"Brightwhiz.com\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/brightwhiz\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-28T01:43:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-28T01:43:05+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/02\/All-In-One-SEO-Pack-Vulnerabilities.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" 
\/>\n\t<meta property=\"og:image:height\" content=\"680\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Bright\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@brightwhizmag\" \/>\n<meta name=\"twitter:site\" content=\"@brightwhizmag\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Bright\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/\"},\"author\":{\"name\":\"Michael Bright\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32\"},\"headline\":\"All In One SEO Pack Vulnerabilities Impacted 3 Million Sites\",\"datePublished\":\"2023-02-28T01:43:01+00:00\",\"dateModified\":\"2023-02-28T01:43:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/\"},\"wordCount\":341,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/local.brightwhiz\/#organization\"},\"image\":{\"@id\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/02\/All-In-One-SEO-Pack-Vulnerabilities.jpg\",\"keywords\":[\"JavaScript\",\"Libraries\",\"Open Source\",\"Optimization\",\"PHP\",\"Security\",\"SEO\",\"Tools\",\"Web\",\"Web Applications\",\"Web 
Development\",\"Wordfence\",\"WordPress\"],\"articleSection\":[\"Libraries\",\"News\",\"Technology\",\"Tools\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/\",\"url\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/\",\"name\":\"All In One SEO Pack Vulnerabilities Impacted 3 Million Sites\",\"isPartOf\":{\"@id\":\"http:\/\/local.brightwhiz\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#primaryimage\"},\"image\":{\"@id\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/02\/All-In-One-SEO-Pack-Vulnerabilities.jpg\",\"datePublished\":\"2023-02-28T01:43:01+00:00\",\"dateModified\":\"2023-02-28T01:43:05+00:00\",\"description\":\"Two vulnerabilities impacting three million sites have recently been patched in All In One SEO Pack WordPress 
plugin\",\"breadcrumb\":{\"@id\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#primaryimage\",\"url\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/02\/All-In-One-SEO-Pack-Vulnerabilities.jpg\",\"contentUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/02\/All-In-One-SEO-Pack-Vulnerabilities.jpg\",\"width\":1280,\"height\":680,\"caption\":\"All In One SEO Pack Vulnerabilities\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/local.brightwhiz\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"All In One SEO Pack Vulnerabilities Impacted 3 Million Sites\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/local.brightwhiz\/#website\",\"url\":\"http:\/\/local.brightwhiz\/\",\"name\":\"Brightwhiz.com\",\"description\":\"Best Tech guides, Tutorials, and News\",\"publisher\":{\"@id\":\"http:\/\/local.brightwhiz\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/local.brightwhiz\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/local.brightwhiz\/#organization\",\"name\":\"Brightwhiz\",\"url\":\"http:\/\/local.brightwhiz\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/\",\"url\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png\",\"contentUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png\",\"width\":706,\"height\":135,\"caption\":\"Brightwhiz\"},\"image\":{\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/brightwhiz\/\",\"https:\/\/twitter.com\/brightwhizmag\",\"https:\/\/instagram.com\/bright_whiz\/\",\"https:\/\/www.pinterest.com\/sobbayi\/\",\"https:\/\/www.youtube.com\/channel\/UC6sCdP_d_RiTIM7ErFT-PSQ\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32\",\"name\":\"Michael Bright\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g\",\"contentUrl\":\"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g\",\"caption\":\"Michael Bright\"},\"sameAs\":[\"https:\/\/sobbayi.com\"],\"url\":\"http:\/\/local.brightwhiz\/author\/sobbayiadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"All In One SEO Pack Vulnerabilities Impacted 3 Million Sites","description":"Two vulnerabilities impacting three million sites have recently been patched in All In One SEO Pack WordPress plugin","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/","og_locale":"en_US","og_type":"article","og_title":"All In One SEO Pack Vulnerabilities Impacted 3 Million Sites","og_description":"Two vulnerabilities impacting three million sites have recently been patched in All In One SEO Pack WordPress plugin","og_url":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/","og_site_name":"Brightwhiz.com","article_publisher":"https:\/\/www.facebook.com\/brightwhiz\/","article_published_time":"2023-02-28T01:43:01+00:00","article_modified_time":"2023-02-28T01:43:05+00:00","og_image":[{"width":1280,"height":680,"url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/02\/All-In-One-SEO-Pack-Vulnerabilities.jpg","type":"image\/jpeg"}],"author":"Michael Bright","twitter_card":"summary_large_image","twitter_creator":"@brightwhizmag","twitter_site":"@brightwhizmag","twitter_misc":{"Written by":"Michael Bright","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#article","isPartOf":{"@id":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/"},"author":{"name":"Michael Bright","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32"},"headline":"All In One SEO Pack Vulnerabilities Impacted 3 Million Sites","datePublished":"2023-02-28T01:43:01+00:00","dateModified":"2023-02-28T01:43:05+00:00","mainEntityOfPage":{"@id":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/"},"wordCount":341,"commentCount":0,"publisher":{"@id":"http:\/\/local.brightwhiz\/#organization"},"image":{"@id":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#primaryimage"},"thumbnailUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/02\/All-In-One-SEO-Pack-Vulnerabilities.jpg","keywords":["JavaScript","Libraries","Open Source","Optimization","PHP","Security","SEO","Tools","Web","Web Applications","Web Development","Wordfence","WordPress"],"articleSection":["Libraries","News","Technology","Tools"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/","url":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/","name":"All In One SEO Pack Vulnerabilities Impacted 3 Million 
Sites","isPartOf":{"@id":"http:\/\/local.brightwhiz\/#website"},"primaryImageOfPage":{"@id":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#primaryimage"},"image":{"@id":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#primaryimage"},"thumbnailUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/02\/All-In-One-SEO-Pack-Vulnerabilities.jpg","datePublished":"2023-02-28T01:43:01+00:00","dateModified":"2023-02-28T01:43:05+00:00","description":"Two vulnerabilities impacting three million sites have recently been patched in All In One SEO Pack WordPress plugin","breadcrumb":{"@id":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#primaryimage","url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/02\/All-In-One-SEO-Pack-Vulnerabilities.jpg","contentUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/02\/All-In-One-SEO-Pack-Vulnerabilities.jpg","width":1280,"height":680,"caption":"All In One SEO Pack Vulnerabilities"},{"@type":"BreadcrumbList","@id":"http:\/\/local.brightwhiz\/all-in-one-seo-pack-vulnerabilities-impacted-3-million-sites\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/local.brightwhiz\/"},{"@type":"ListItem","position":2,"name":"All In One SEO Pack Vulnerabilities Impacted 3 Million Sites"}]},{"@type":"WebSite","@id":"http:\/\/local.brightwhiz\/#website","url":"http:\/\/local.brightwhiz\/","name":"Brightwhiz.com","description":"Best Tech guides, Tutorials, and 
News","publisher":{"@id":"http:\/\/local.brightwhiz\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/local.brightwhiz\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"http:\/\/local.brightwhiz\/#organization","name":"Brightwhiz","url":"http:\/\/local.brightwhiz\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/","url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png","contentUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png","width":706,"height":135,"caption":"Brightwhiz"},"image":{"@id":"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/brightwhiz\/","https:\/\/twitter.com\/brightwhizmag","https:\/\/instagram.com\/bright_whiz\/","https:\/\/www.pinterest.com\/sobbayi\/","https:\/\/www.youtube.com\/channel\/UC6sCdP_d_RiTIM7ErFT-PSQ"]},{"@type":"Person","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32","name":"Michael Bright","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/image\/","url":"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g","contentUrl":"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g","caption":"Michael 
Bright"},"sameAs":["https:\/\/sobbayi.com"],"url":"http:\/\/local.brightwhiz\/author\/sobbayiadmin\/"}]}},"_links":{"self":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts\/13039"}],"collection":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/comments?post=13039"}],"version-history":[{"count":0,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts\/13039\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/media\/13040"}],"wp:attachment":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/media?parent=13039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/categories?post=13039"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/tags?post=13039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}