CVE-2024-1037
- EPSS 0.68%
- Published 07.02.2024 07:15:08
- Last modified 21.11.2024 08:49:39
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping...
CVE-2023-0156
- EPSS 54.65%
- Published 10.04.2023 14:15:08
- Last modified 11.02.2025 15:15:15
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to...
CVE-2023-0157
- EPSS 41.56%
- Published 10.04.2023 14:15:08
- Last modified 11.02.2025 22:15:24
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code th...
CVE-2022-4346
- EPSS 0.15%
- Published 23.01.2023 15:15:14
- Last modified 02.04.2025 16:15:24
The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.
CVE-2022-4097
- EPSS 0.19%
- Published 12.12.2022 18:15:13
- Last modified 14.04.2025 19:15:33
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).