CVE-2019-16520

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-16520

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16520.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-16520

Published

2019-10-16T14:15:13.777Z

Modified

2026-03-15T22:27:19.042550Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.

References

Affected packages

Git / github.com/awesomemotive/all-in-one-seo-pack

Affected ranges

Type

GIT

Repo

https://github.com/awesomemotive/all-in-one-seo-pack

Events

Introduced

Fixed

242aefdd99715e64cba4f140cb476e5c1ae7b975

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.7"
        }
    ]
}

Affected versions

2.*

2.10

2.10.1

2.11

2.12

2.12.1

2.3

2.3-alpha

2.3.1

2.3.10.1

2.3.11

2.3.11.1

2.3.11.2

2.3.11.4

2.3.12

2.3.12.1

2.3.12.2

2.3.12.2.1

2.3.12.3

2.3.12.4

2.3.12.5

2.3.13

2.3.13.2

2.3.14

2.3.14.1

2.3.14.2

2.3.15

2.3.15.1

2.3.15.2

2.3.15.3

2.3.16

2.3.2.1

2.3.3

2.3.3.1

2.3.3.2

2.3.4.1

2.3.4.2

2.3.5

2.3.5.1

2.3.6

2.3.7

2.3.8

2.3.9

2.3.9.2

2.4

2.4.1

2.4.1.1

2.4.2

2.4.2.1

2.4.3

2.4.4

2.4.4.1

2.4.5

2.4.5.1

2.4.6

2.5

2.6

2.6.1

2.7

2.7.1

2.7.2

2.7.3

2.8

2.9

2.9.1

3.*

3.0

3.0.1

3.0.2

3.0.3

3.0.4

3.1

3.1.1

3.2

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16520.json"