CVE-2020-35946 MEDIUM

CVE-2020-35946

Vendor N/A
Product n/a
Published January 1, 2021
Last update August 4, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R

What the vulnerability does

01Description

An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.

Key dates

02Disclosure timeline

January 1, 2021 CVE published
August 4, 2024 Record updated