Description

WordPress Plugin SEO contains a backdoor. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin SEO version 5.0 is vulnerable.

Remediation

Disable the plugin until a fix is available

References

https://www.pluginvulnerabilities.com/2016/10/24/a-good-example-of-why-wordpress-keeping-quiet-about-unfixed-plugin-vulnerabilities-doesnt-make-sense/

Related Vulnerabilities

WebLogic Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5638)

WordPress Plugin WP-RecentComments SQL Injection (2.0.7)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-26185)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4300)

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-0063)

Severity

High

Classification

CWE-95 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update