CVE-2013-5988: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in the All in One SEO Pack WordPress plugin versions before 2.0.3.1. The vulnerability was identified and assigned CVE-2013-5988, affecting versions from 1.3.6.4 up to 1.6.15.2 and versions 2.0 up to 2.0.3.1. The vulnerability was exploitable through the Search parameter (NVD, CVE).

The vulnerability is classified as a Cross-site Scripting (XSS) issue, specifically categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). According to the CVSS 3.1 scoring system, it received a base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, and user interaction required (NVD).

The vulnerability could allow attackers to execute cross-site scripting attacks through the Search parameter, potentially leading to the compromise of user data and unauthorized actions in the context of the affected WordPress site. The CVSS scoring indicates low impacts on both confidentiality and integrity, with no impact on availability (WPScan).

The vulnerability was fixed in version 2.0.3.1 of the All in One SEO Pack plugin. Users should upgrade to this version or later to mitigate the risk (WPScan).