ThreatPress

WordPress Vulnerabilities Database

Back

WordPress All in One SEO Pack Plugin <= 2.2.5 - Information Management

Product
All In One SEO Pack
Description
All in One SEO Pack plugin is prone to an information management vulnerability. The attackers can obtain sensitive information by reading HTML source code, because this plugin does not consider the presence of password protection during generation of the Meta Description field.
Solution
Update the plugin.
Classification
Type Information Disclosure
OWASP Top 10 A6: Sensitive Data Exposure
References
CVE Mitre
CVE
Name CVE-2015-0902
Versions
Affected In <= 2.2.5
Fixed In 2.2.6
Disclosure date
2015-01-08