Popular All-In-One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million Websites


    Overview

    All-In-One SEO WordPress plugin versions 4.2.9 and older are vulnerable to stored cross-site scripting attacks!

    The National Vulnerability Database of the United States issued an advisory about two vulnerabilities discovered in the All In One SEO WordPress plugin.

    The All In One SEO (AIOSEO) plugin has over three million active installations and is vulnerable to two XSS attacks.

    The vulnerabilities affect all AIOSEO versions up to and including 4.2.9.

    Stored Cross-Site Scripting

    Cross-site scripting (XSS) attacks are a type of injection exploit in which malicious scripts are executed in a user's browser, allowing access to cookies and user sessions and potentially leading to site takeover.

    Cross-Site Scripting attacks are classified into two types:

    • Reflected Cross-Site Scripting

    • Stored Cross-Site Scripting

    A Reflected XSS works by sending a user a crafted link; when the user clicks it, the request carries the script to the vulnerable site, which "reflects" it back into the page served to that user.

    A Stored XSS occurs when the malicious script is saved on the vulnerable site itself, so it is served to anyone who views the affected page.

    Attackers target any form of website input, such as a contact form, an image upload form, or any other field where someone can upload or submit content.

    The vulnerability arises when the security checks on that input are insufficient to reject or neutralise malicious content.

    Both of the issues affecting the AIOSEO plugin are Stored Cross-Site Scripting flaws.

    CVE-2023-0585

    Vulnerabilities are assigned CVE numbers so they can be tracked. CVE-2023-0585 was the first of the two to be assigned.

    This vulnerability is caused by a failure to sanitise inputs: the filtering is insufficient to stop an attacker from saving a malicious script.

    The National Vulnerability Database (NVD) notice describes it like this:

    The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping.

    This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    — The National Vulnerability Database

    The vulnerability has a severity score of 4.4 (out of ten), which is rated medium.

    To carry out this attack, an attacker must first obtain administrator or higher privileges.
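    The advisory attributes both flaws to "insufficient input sanitization and output escaping", and the section above explains stored XSS as a script saved on the site and served to later visitors. The following Python snippet is an added illustration of what those two missing controls look like in a plugin-style save-then-render flow; it is not code from the AIOSEO plugin or from this article. The role-to-capability mapping, the field being rendered and all function names are assumptions made for the example, and the sample titles are constructed. WordPress equivalents of the two defensive functions are named in the comments.

```python
import html
import re

# Constructed sample inputs (not taken from the advisory): a legitimate SEO
# title and a value that an attacker-controlled account might save instead.
BENIGN_TITLE = "Best coffee in town & more"
HOSTILE_TITLE = "<script>alert(1)</script>"

# Simplified role model, hypothetical for this example. In WordPress only
# roles holding the `unfiltered_html` capability (e.g. Administrator on a
# single site) may store raw HTML; a Contributor may not.
ROLE_CAPABILITIES = {
    "administrator": {"unfiltered_html", "edit_posts"},
    "contributor": {"edit_posts"},
}

_TAG_RE = re.compile(r"<[^>]*>")
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_text_field(value: str) -> str:
    """Input-side sanitisation, modelled on WordPress sanitize_text_field():
    drop tags and control characters, then collapse whitespace."""
    value = _TAG_RE.sub("", value)
    value = _CONTROL_RE.sub("", value)
    return " ".join(value.split())


def store_setting_vulnerable(role: str, value: str) -> str:
    """The pattern the advisory describes: whatever was submitted is saved
    as-is, regardless of who submitted it."""
    return value


def store_setting_hardened(role: str, value: str) -> str:
    """Save raw text only for roles allowed to post unfiltered HTML;
    everyone else gets the sanitised form."""
    if "unfiltered_html" in ROLE_CAPABILITIES.get(role, set()):
        return value
    return sanitize_text_field(value)


def render_title_vulnerable(stored: str) -> str:
    """Output side with no escaping: the stored string is interpolated
    straight into the page markup, so a saved <script> tag executes for
    every visitor who loads the page."""
    return f'<h1 class="seo-title">{stored}</h1>'


def render_title_hardened(stored: str) -> str:
    """Output side with escaping. html.escape(quote=True) plays the role of
    WordPress esc_html(): <, >, &, " and ' become entities, so the browser
    shows the value as text and never parses it as markup. A title is data,
    not HTML, so this applies even to values an administrator saved."""
    return f'<h1 class="seo-title">{html.escape(stored, quote=True)}</h1>'


_ACTIVE_SCRIPT_RE = re.compile(
    r"<\s*script\b|\son[a-z]+\s*=|javascript:", re.IGNORECASE
)


def contains_active_script(markup: str) -> bool:
    """Crude review check for a rendered fragment: does it still carry an
    unescaped <script> tag, an inline event handler or a javascript: URL?"""
    return _ACTIVE_SCRIPT_RE.search(markup) is not None


def demo() -> dict:
    """Run the vulnerable and hardened pipelines for a contributor account
    and report whether the rendered page still contains live script."""
    vuln = render_title_vulnerable(store_setting_vulnerable("contributor", HOSTILE_TITLE))
    safe = render_title_hardened(store_setting_hardened("contributor", HOSTILE_TITLE))
    return {
        "vulnerable_markup": vuln,
        "vulnerable_has_script": contains_active_script(vuln),
        "hardened_markup": safe,
        "hardened_has_script": contains_active_script(safe),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    The two controls are independent: sanitising on input stops a contributor from storing tags at all, while escaping on output ensures that even a value stored raw (by an administrator, or through a bypass) is rendered as text. A plugin needs both; the advisory describes code that had neither.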

    CVE-2023-0586

    This vulnerability is very similar to the first. The main distinction is that an attacker needs only contributor-level website access privileges.

    A contributor-level role can create content but cannot publish it.

    The vulnerability is also classified as a medium-level threat but has a higher severity score of 6.4.

    This is the NVD description:

    The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping.

    This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    — The National Vulnerability Database

    Lithium’s Point Of View

    This is just another reason we use Squarespace as our dedicated CMS. It does not use third-party plugins, so our clients will never experience a situation where their site is vulnerable or security is compromised to such a degree.


    Scott - Owner - Lithium Design

    Self-confessed gadget man who loves all things tech and anything that barks.

    https://lithiumdesign.co.uk