5
CVE-2015-0902
- EPSS 3.03%
- Veröffentlicht 03.04.2015 10:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginAll in One SEO <= 2.2.5.1 - Information Disclosure
The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.
Mögliche Gegenmaßnahme
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic: Update to version 2.2.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Semperfiwebdesign ≫ All In One Seo Pack SwPlatformwordpress Version <= 2.2.5.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
Version
[*, 2.2.6)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.03% | 0.858 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://jvn.jp/en/jp/JVN75615300/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000046
http://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/
https://www.wordfence.com/threat-intel/vulnerabilities/id/39f8c830-9f71-4ca6-8fcc-54769cef878f