5

CVE-2015-0902

EPSS 1.69%
Veröffentlicht 03.04.2015 10:59:08
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

All in One SEO <= 2.2.5.1 - Information Disclosure

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.

Mögliche Gegenmaßnahme

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic: Update to version 2.2.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

Version [*, 2.2.6)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Semperfiwebdesign ≫ All In One Seo Pack SwPlatformwordpress Version <= 2.2.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.69%	0.819

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://jvn.jp/en/jp/JVN75615300/index.html

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000046

Vendor Advisory

http://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/

Patch

Vendor Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/39f8c830-9f71-4ca6-8fcc-54769cef878f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-0902

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0902

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0902

EUVD