All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million via @sejournal, @martinibuster
The United States National Vulnerability Database published an advisory about two vulnerabilities discovered in the All In One SEO WordPress plugin.
The All In One SEO (AIOSEO) plugin, which has over three million active installations, is vulnerable to two cross-site scripting (XSS) attacks.
The vulnerabilities affect all versions of AIOSEO up to and including version 4.2.9.
Stored Cross-Site Scripting
Cross-site scripting (XSS) attacks are a form of injection exploit in which malicious scripts execute in a user’s browser, which can then lead to access to cookies, user sessions and even a site takeover.
The two most common forms of Cross-Site Scripting attacks are:
- Reflected Cross-Site Scripting