EIP-2026-113555

This is a detailed technical analysis of a stored XSS vulnerability in the All in One SEO Pack WordPress Plugin (version 2.3.6.1). The vulnerability arises from improper sanitization of User-Agent and Referer headers in the Bot Blocker functionality, allowing an attacker to inject malicious scripts into the admin dashboard.