Description

WordPress Plugin SEO contains a backdoor. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin SEO version 5.0 is vulnerable.

Remediation

Disable the plugin until a fix is available

References

https://www.pluginvulnerabilities.com/2016/10/24/a-good-example-of-why-wordpress-keeping-quiet-about-unfixed-plugin-vulnerabilities-doesnt-make-sense/

Related Vulnerabilities

Werkzeug WSGI Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-34069)

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2009-1377)

PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4545)

WordPress Plugin RoyalSlider Cross-Site Scripting (3.2.6)

IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3045)

Severity

High

Classification

CWE-95 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update