CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 2CVE-2021-25036 – All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-25036
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites. El plugin All in One SEO de WordPress versiones anteriores a 4.1.5.3, está afectado por un problema de escalada de privilegios, que fue detectado durante una auditoría interna por el equipo de Jetpack Scan, y podría conceder a malos actores acceso a endpoints de la API REST protegidos a los que no deberían tener acceso. Esto podría, en última instancia, permitir a usuarios con cuentas de bajo privilegio, como los suscriptores, llevar a cabo una ejecución de código remota en los sitios afectados • https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plugin-version-4-1-5-3 https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/app/Common/Api/Api.php https://wpscan.com/vulnerability/6de4a7de-6b71-4349-8e52-04c89c5e6d6c • CWE-178: Improper Handling of Case Sensitivity CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24307 – All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize
https://notcve.org/view.php?id=CVE-2021-24307
The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section "Tool > Import/Export". However, the plugin attempts to unserialize values of the .ini file. Moreover, the plugin embeds Monolog library which can be used to craft a gadget chain and thus trigger system command execution. All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings versiones anteriores a 4.1.0.2 permite a usuarios autenticados con el privilegio "aioseo_tools_settings" (la mayoría de las veces administrador) ejecutar código arbitrario en el host subyacente. • https://github.com/darkpills/CVE-2021-24307-all-in-one-seo-pack-admin-rce https://aioseo.com/changelog https://wpscan.com/vulnerability/ab2c94d2-f6c4-418b-bd14-711ed164bcf1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •