Vulnerability Description
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aioseo | All In One Seo | < 4.1.5.3 |
Related Weaknesses (CWE)
References
- https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/aPatchVendor Advisory
- https://wpscan.com/vulnerability/4cd2a57b-3e1a-4acf-aecb-201ed9f4ee6dExploitVendor Advisory
- https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/aPatchVendor Advisory
- https://wpscan.com/vulnerability/4cd2a57b-3e1a-4acf-aecb-201ed9f4ee6dExploitVendor Advisory
FAQ
What is CVE-2021-25037?
CVE-2021-25037 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attacker...
How severe is CVE-2021-25037?
CVE-2021-25037 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25037?
Check the references section above for vendor advisories and patch information. Affected products include: Aioseo All In One Seo.