CVE-2015-0902

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.

Published: Apr 3, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-0902
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
semperfiwebdesign / all_in_one_seo_pack	-	2.2.5.1.x

http://jvn.jp/en/jp/JVN75615300/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000046
http://semperfiwebdesign.com/blog/all-in-one-seo-pack/all-in-one-seo-pack-release-history/

Vulnerability Database

291,049

CVE-2015-0902