Description

WordPress Plugin SEO contains a backdoor. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin SEO version 5.0 is vulnerable.

Remediation

Disable the plugin until a fix is available

References

https://www.pluginvulnerabilities.com/2016/10/24/a-good-example-of-why-wordpress-keeping-quiet-about-unfixed-plugin-vulnerabilities-doesnt-make-sense/

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2005-1344)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33829)

WordPress Plugin Trust Form Cross-Site Scripting (2.0)

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7829)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5339)

Severity

High

Classification

CWE-95 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update