Serious Vulnerability in All in One SEO Pack Plugin 2.3.6.1 and earlier


Posted on 18 July 2016, in News

There is a serious stored cross-site scripting (XSS) vulnerability in All in One SEO Pack Plugin versions 2.3.6.1 and older. This plugin is installed on over 1 million active websites and is extremely popular and widely used.

The vulnerability allows an attacker to send a malicious HTTP User-Agent or Referer header to the site containing an XSS payload. If the administrator then visits their admin panel and views the “Bad Bot Blocker” settings page in this plugin, the attacker can take full control of their site.
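One way to check whether a site has received requests of this kind, as an added example that is not part of the original post or the plugin's code: the script below scans web server access logs for User-Agent or Referer values that contain HTML angle brackets. It assumes the Apache/nginx "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import re

# Assumption: access log in Apache/nginx "combined" format:
# ip ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field that may contain backslash escapes
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ '
    + QUOTED + ' ' + QUOTED + r'$'
)
ESCAPE_RE = re.compile(r'\\x([0-9A-Fa-f]{2})|\\(.)')


def unescape(value):
    # Undo the server's log escaping: \xNN hex escapes and backslash-quoted characters.
    return ESCAPE_RE.sub(
        lambda m: chr(int(m.group(1), 16)) if m.group(1) else m.group(2), value
    )


def find_header_markup(lines):
    """Return (ip, time, header, value) for each Referer/User-Agent containing < or >."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in combined format; skip rather than guess
        ip, when, _request, _status, referer, agent = m.groups()
        for header, raw in (("Referer", referer), ("User-Agent", agent)):
            value = unescape(raw)
            if "<" in value or ">" in value:
                findings.append((ip, when, header, value))
    return findings


# Constructed sample log lines (documentation IP ranges, harmless marker strings).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 '
    '"https://www.example.com/search?q=seo" "Mozilla/5.0 (X11; Linux x86_64) Firefox/47.0"',
    '198.51.100.7 - - [18/Jul/2016:10:02:13 +0000] "GET / HTTP/1.1" 200 5120 '
    '"-" "<script>alert(1)</script>"',
    '203.0.113.5 - - [18/Jul/2016:10:03:40 +0000] "GET /about HTTP/1.1" 200 2048 '
    '"http://example.net/\\"><b>x</b>" "curl/7.47.0"',
]

if __name__ == "__main__":
    for hit in find_header_markup(SAMPLE_LOG):
        print(hit)
```

Genuine browsers percent-encode angle brackets in Referer URLs and do not send them in User-Agent strings, so any hit is worth reviewing alongside the plugin's stored “Bad Bot Blocker” data.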
