During an internal audit of the All In One SEO plugin, we uncovered an SQL Injection vulnerability and a Privilege Escalation bug.

If exploited, the SQL Injection vulnerability could grant attackers access to privileged information from the affected site's database (e.g., usernames and hashed passwords).

The Privilege Escalation bug we discovered may grant bad actors access to protected REST API endpoints they shouldn't have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites.

We reported the vulnerabilities to the plugin's author via email, and they recently released version 4.1.5.3 to address them.

We strongly recommend that you update to the latest plugin version and have an established security solution on your site, such as Jetpack Security.

## Details

Author:

## The Vulnerabilities

### Authenticated Privilege Escalation

Affected versions: every version from 4.0.0 to 4.1.5.2 inclusive.

Access to the plugin's REST API routes is checked by the `validateAccess()` method, which validates the request against the plugin's routes array:

```php
/**
 * Validates access from the routes array.
 *
 * @param \WP_REST_Request $request The REST Request.
 */
public function validateAccess( $request )
```

### SQL Injection

The `PostsTerms::searchForObjects()` method, which is reachable via the `/wp-json/aioseo/v1/objects` REST API route, only passed user input through `wpdb::esc_like()` before appending it to an SQL query. `esc_like()` escapes the `LIKE` wildcard characters (`%` and `_`) and the backslash; it does not escape quotes, so the input could still terminate the string literal and alter the structure of the query. The correct pattern is to escape the wildcards and then bind the value with `$wpdb->prepare()`.
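As an added illustration (not code from this page or from the plugin), the following Python script reproduces the flawed pattern against an in-memory SQLite database. `esc_like()` is a line-for-line mirror of `wpdb::esc_like()` (`addcslashes($text, '_%\\')`); the table layout, sample rows, the payload and the function names `search_vulnerable()` / `search_hardened()` are constructed for the demo and are not the plugin's. The hardened variant stands in for `esc_like()` followed by `$wpdb->prepare()`.

```python
import sqlite3


def esc_like(text: str) -> str:
    """Python mirror of WordPress's wpdb::esc_like(): backslash-escape the LIKE
    wildcards '%' and '_' plus the backslash itself. Quotes are left untouched,
    which is why it is not a substitute for a prepared statement."""
    return "".join("\\" + ch if ch in "_%\\" else ch for ch in text)


def build_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for the site database (constructed sample data).
    Column names deliberately avoid '_' so the injected UNION below survives esc_like()."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pass TEXT);
        INSERT INTO posts (title) VALUES ('Hello world'), ('Sample page'), ('100% organic');
        INSERT INTO users (login, pass) VALUES
            ('admin', '$P$BfakeHashForAdmin'),
            ('editor', '$P$BfakeHashForEditor');
        """
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """The flawed pattern: escape LIKE wildcards, then concatenate into the SQL text."""
    sql = "SELECT id, title FROM posts WHERE title LIKE '%" + esc_like(term) + "%'"
    return conn.execute(sql).fetchall()


def search_hardened(conn: sqlite3.Connection, term: str) -> list:
    """The fix: esc_like() still protects the wildcard semantics, but the value
    travels as a bound parameter, so quotes can never change the query structure.
    (MySQL treats backslash as the LIKE escape by default; SQLite needs ESCAPE.)"""
    pattern = "%" + esc_like(term) + "%"
    sql = "SELECT id, title FROM posts WHERE title LIKE ? ESCAPE '\\'"
    return conn.execute(sql, (pattern,)).fetchall()


# Constructed attacker input: contains no '%' or '_' (esc_like would backslash
# them), closes the string literal, unions in the users table and comments out
# the trailing "%'" that the original query appends.
PAYLOAD = "x' UNION SELECT login, pass FROM users -- "


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", search_vulnerable(db, PAYLOAD))  # leaks logins and password hashes
    print("hardened:  ", search_hardened(db, PAYLOAD))    # []
    print("legit 100%:", search_hardened(db, "100%"))     # [(3, '100% organic')]
```

The benign search for `100%` shows why `esc_like()` is still needed in the hardened version: without it the `%` would act as a wildcard and match every row, but with it the search stays literal while the bound parameter keeps the quote harmless.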