Popular All-In-One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million Websites
Table of Contents Hide
Overview
All-In-One SEO WordPress plugins older than 4.2.9 are vulnerable to stored cross-site scripting attacks!
The National Vulnerability Database of the United States issued an advisory about two vulnerabilities discovered in the All In One SEO WordPress plugin.
The All In One SEO (AIOSEO) plugin has over three million active installations and is vulnerable to two XSS attacks.
The vulnerabilities affect all AIOSEO versions up to and including 4.2.9.
Cross-Site Scripting that is saved
Cross-site scripting (XSS) attacks are a type of injection exploit in which malicious scripts are executed in a user's browser, allowing access to cookies, user sessions, and even site takeover.
Cross-Site Scripting attacks are classified into two types:
Cross-Site Scripting Reflected
Stored Site-to-Site Scripting
A Reflected XSS works by sending a script to a user who clicks on it, which then redirects the user to the vulnerable site, which "reflects" the attack back at the user.
A Stored XSS occurs when the malicious script is located on the vulnerable site.
Hackers exploit any form of website input, such as a contact form, image upload form, or any area where someone can upload or make a submission.
The vulnerability occurs when insufficient security checks are in place to prevent unauthorised input.
Both of the issues affecting the AIOSEO plugin are Stored Cross-Site Scripting flaws.
CVE-2023-0585
To keep track of vulnerabilities, they are assigned numbers. CVE-2023-0585 was the first to be assigned.
The failure to sanitise inputs causes this vulnerability. This indicates that there is insufficient filtering to prevent a hacker from uploading a malicious script.
The National Vulnerability Database (NVD) notice describes it like this:
The vulnerability has a threat level of 4.4 (out of ten), which is considered medium.
To carry out this attack, an attacker must first obtain administrator or higher privileges.
CVE-2023-0586
This attack is very similar to the first. The main distinction is that an attacker must have at least contributor-level website access privileges.
A contributor-level role can create content but cannot publish it.
The vulnerability is also classified as a medium-level threat but has a higher vulnerability score of 6.4.
This is the description:
Lithium’s Point Of View
This is just another reason we use Squarespace as our dedicated CMS. It does not use third-party plugins, so our clients will never experience a situation where their site is vulnerable or security is compromised to such a degree.
Share this article, go on, you know you want to!