Vulnerabilities > Aioseo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-24 | CVE-2023-0585 | Unspecified vulnerability in Aioseo ALL in ONE SEO The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. | 4.8 |
| 2023-02-24 | CVE-2023-0586 | Unspecified vulnerability in Aioseo ALL in ONE SEO The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. | 5.4 |
| 2022-11-08 | CVE-2022-42494 | Server-Side Request Forgery (SSRF) vulnerability in Aioseo ALL in ONE SEO Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. | 6.5 |
| 2022-01-17 | CVE-2021-25037 | Unspecified vulnerability in Aioseo ALL in ONE SEO The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords). | 6.5 |