What is CVE-2021-24307?

CVE-2021-24307 is a vulnerability in All In One Seo Team – Best Wordpress Plugin Easily Improve Your Rankings, classified under Deserialization of Untrusted Data. Published 2021-05-24.

Is CVE-2021-24307 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Deserialization in All In One Seo Team – Best Wordpress Plugin Easily Improve Your Rankings

CVE-2021-24307

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host…

Vulnerability class: Insecure Deserialization

EPSS: 0.526 (98.8th percentile) — read the EPSS interpretation.

Affected products

All In One Seo Team – Best Wordpress Plugin Easily Improve Your Rankings — versions 4.1.0.2

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

Public proof-of-concept exploits

References

wpscan.com/vulnerability/ab2c94d2-f6c4-418b-bd14-711ed164bcf1 (x_refsource_CONFIRM)
aioseo.com/changelog/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24307?: CVE-2021-24307 is a vulnerability in All In One Seo Team – Best Wordpress Plugin Easily Improve Your Rankings, classified under Deserialization of Untrusted Data. Published 2021-05-24.
Is CVE-2021-24307 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.