Description
WordPress Plugin BAVOKO SEO Tools-All-in-One WordPress SEO is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently perform a variety of the plugin's actions or even take over a website. WordPress Plugin BAVOKO SEO Tools-All-in-One WordPress SEO version 2.1.9.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.1.9.8 or latest
References
Related Vulnerabilities
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-4048)
WordPress Plugin WP with Spritz Local/Remote File Inclusion (1.0)
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Cross-Site Scripting (4.7.4)
WordPress Plugin CM Ad Changer Multiple Cross-Site Scripting Vulnerabilities (1.7.2)