cvedb.io
CVE-2023-0157
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2023-04-10T14:15:08.157 · Last modified 2026-06-17T05:24:55.210

Summary

The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page.

Affected products

updraftplus — all-in-one_security

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.