QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-24307

Back to search

CVE-2021-24307

Published: May 24, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section "Tool > Import/Export". However, the plugin attempts to unserialize values of the .ini file. Moreover, the plugin embeds Monolog library which can be used to craft a gadget chain and thus trigger system command execution.

VendorProductVersions

All in One SEO Team

All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings

affected
4.1.0.2 - < 4.1.0.2

Weaknesses (CWE)

CWE-502

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now