Vulnerabilities and security researches forall-in-one-seo-pack all-in-one-seo-pack

Direction: ascending

Jun 07, 2024

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2015-0902

CVE, Research URL: CVE-2015-0902
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Apr 03, 2015
Research Description: The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.
Affected versions: max 2.2.6.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2021-25036

CVE, Research URL: CVE-2021-25036
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Jan 17, 2022
Research Description: The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites.
Affected versions: max 4.1.5.3.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2021-25037

CVE, Research URL: CVE-2021-25037
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Jan 17, 2022
Research Description: The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).
Affected versions: max 4.1.5.3.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2021-24307

CVE, Research URL: CVE-2021-24307
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 24, 2021
Research Description: The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section "Tool > Import/Export". However, the plugin attempts to unserialize values of the .ini file. Moreover, the plugin embeds Monolog library which can be used to craft a gadget chain and thus trigger system command execution.
Affected versions: max 4.1.0.2.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2020-35946

CVE, Research URL: CVE-2020-35946
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Jan 01, 2021
Research Description: An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.
Affected versions: max 3.6.2.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2022-38093

CVE, Research URL: CVE-2022-38093
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Sep 09, 2022
Research Description: Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress.
Affected versions: max 4.2.4.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2013-5988

CVE, Research URL: CVE-2013-5988
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Feb 11, 2020
Research Description: A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter.
Affected versions: max 2.0.3.1.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2019-16520

CVE, Research URL: CVE-2019-16520
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Oct 16, 2019
Research Description: The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
Affected versions: max 3.2.7.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2023-0586

CVE, Research URL: CVE-2023-0586
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Feb 24, 2023
Research Description: The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 4.3.0.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2024-3554

CVE, Research URL: CVE-2024-3554
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 02, 2024
Research Description: The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 4.6.1.1.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2024-3368

CVE, Research URL: CVE-2024-3368
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 20, 2024
Research Description: The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions: max 4.6.1.1.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2023-0585

CVE, Research URL: CVE-2023-0585
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Feb 24, 2023
Research Description: The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 4.3.0.
Status: vulnerable

Jul 24, 2024

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # PSC-2024-64503

PSC, Research URL: PSC-2024-64503
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 13, 2025
Research Description: With the advent of the Plugin Security Certificate (PSC) from CleanTalk, the “All in One SEO” plugin has reached a new level of trust and reliability. This certification underlines the commitment to reliable security measures that guarantee the integrity of the management of this plugin in WordPress.
Affected versions: Min 4.9.7.2, max 4.9.7.2.
Status: SAFE & CERTIFIED

May 19, 2025

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2025-2892

CVE, Research URL: CVE-2025-2892
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 19, 2025
Research Description: The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 4.8.2.
Status: vulnerable

Jan 09, 2026

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2025-12847

CVE, Research URL: CVE-2025-12847
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Nov 15, 2025
Research Description: The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint `/wp-json/aioseo/v1/ai/image-generator` only verifying that users have the `edit_posts` capability (Contributors and above) without checking if they own or have permission to delete the specific media attachments. This makes it possible for authenticated attackers, with Contributor-level access and above, to permanently delete arbitrary media attachments by ID via the REST API, granted they can determine valid attachment IDs.
Affected versions: max 4.9.0.
Status: vulnerable

Jan 27, 2026

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2025-14384

CVE, Research URL: CVE-2025-14384
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Jan 16, 2026
Research Description: The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/aioseo/v1/ai/credits` REST route in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to disclose the global AI access token.
Affected versions: max 4.9.3.
Status: vulnerable

Apr 23, 2026

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2025-58649

CVE, Research URL: CVE-2025-58649
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Sep 23, 2025
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through <= 4.8.7.1.
Affected versions: max 4.8.7.2.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2025-58650

CVE, Research URL: CVE-2025-58650
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Sep 23, 2025
Research Description: Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All In One SEO Pack: from n/a through <= 4.8.7.1.
Affected versions: max 4.8.7.2.
Status: vulnerable

May 21, 2026

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2026-5075

CVE, Research URL: CVE-2026-5075
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 20, 2026
Research Description: The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script() in post editor contexts without effective masking for low-privilege users. This makes it possible for authenticated attackers, with contributor-level access and above, to view configured API/OAuth tokens and license-related values from page source.
Affected versions: max 4.9.7.1.
Status: vulnerable

Jun 14, 2026

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2025-67950

CVE, Research URL: CVE-2025-67950
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Dec 16, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through <= 4.9.1.
Affected versions: max 4.9.1.1.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # CVE-2025-64295

CVE, Research URL: CVE-2025-64295
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Dec 18, 2025
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through <= 4.8.6.1.
Affected versions: max 4.8.7.
Status: vulnerable

Jun 16, 2026

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # aa790e24-ae9d-48b9-8071-7ca138cdc69d

CVE, Research URL: aa790e24-ae9d-48b9-8071-7ca138cdc69d
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: -
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.3.7 All in One SEO Pack <= 2.3.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) Requires 'Track Blocked Bots setting' to be enabled which it is not by default.
Affected versions: max 2.3.7.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 484a9f3f7b1967a94bd8d9f2703eb9bf5bf20e6f

CVE, Research URL: 484a9f3f7b1967a94bd8d9f2703eb9bf5bf20e6f
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 15, 2015
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.1.6 WordPress All in One SEO Pack Plugin <= 2.1.5 - Privilege Escalation This plugin is prone to an unspecified privilege escalation vulnerability. Update the plugin.
Affected versions: max 2.1.6.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 16353d45-75d1-4820-b93f-daad90c322a8

CVE, Research URL: 16353d45-75d1-4820-b93f-daad90c322a8
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: -
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.10 All in One SEO Pack <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting (XSS) The All in One SEO Pack WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability.
Affected versions: max 2.10.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 42a98395-e4e4-47a5-b758-2b76b7c4885a

CVE, Research URL: 42a98395-e4e4-47a5-b758-2b76b7c4885a
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: -
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.3.8 All in One SEO Pack <= 2.3.7 - Unauthenticated Stored Cross-Site Scripting (XSS) The All in One SEO Pack WordPress plugin was affected by a Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability.
Affected versions: max 2.3.8.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # d13c2bc5806bb2a3e15eda463d7d4ab72392d787

CVE, Research URL: d13c2bc5806bb2a3e15eda463d7d4ab72392d787
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Jul 19, 2016
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.3.8 WordPress All in One SEO Pack Plugin <= 2.3.7 - Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Upgrade this plugin.
Affected versions: max 2.3.8.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 7516e9f88fcafa2b03d0ff9b541a6d8329fef6c6

CVE, Research URL: 7516e9f88fcafa2b03d0ff9b541a6d8329fef6c6
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Jul 11, 2016
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.3.6.2 WordPress All in One SEO Pack Plugin 2.3.6.1 - Persistent XSS Because of this vulnerability, an attacker can steal administrators session token or perform other arbitrary actions. Update the WordPress plugin to the newer stable and safe version.
Affected versions: max 2.3.6.2.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # f0b66901fdcf4e195f91657e338b1db0d8f047ad

CVE, Research URL: f0b66901fdcf4e195f91657e338b1db0d8f047ad
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Sep 09, 2015
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.2.6.2 WordPress All in One SEO Pack Plugin <= 2.2.6.1 - Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Upgrade the plugin.
Affected versions: max 2.2.6.2.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 5c21716107f3a3a375a3263b7c0c97b89d7dcc6a

CVE, Research URL: 5c21716107f3a3a375a3263b7c0c97b89d7dcc6a
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 15, 2015
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.1.6 WordPress All in One SEO Pack Plugin <= 2.1.5 - Cross Site Scripting This plugin is prone to a cross site scripting vulnerability via aioseop_functions.php new_meta parameter. Update the plugin.
Affected versions: max 2.1.6.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # be315b0303a75217b959c25bb227e6c1329b1a1e

CVE, Research URL: be315b0303a75217b959c25bb227e6c1329b1a1e
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Jul 19, 2016
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.3.7 WordPress All in One SEO Pack Plugin <= 2.3.6.1 - Stored Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Update the plugin.
Affected versions: max 2.3.7.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 3a79a32d-2744-41c5-8752-0540f744e25d

CVE, Research URL: 3a79a32d-2744-41c5-8752-0540f744e25d
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: -
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.1.6 All in One SEO Pack <= 2.1.5 - Unspecified Privilege Escalation The All in One SEO Pack WordPress plugin was affected by an Unspecified Privilege Escalation security vulnerability.
Affected versions: max 2.1.6.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 99cef9ace89776148234e4f94912711aab354a3a

CVE, Research URL: 99cef9ace89776148234e4f94912711aab354a3a
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Apr 20, 2015
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.2.6.2 All in One SEO <= 2.2.6.1 - Reflected Cross-Site Scripting The All in One SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.2.6.1 due to insufficient input sanitization and output escaping on add_query_arg and remove_query_arg. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions: max 2.2.6.2.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 6f351bbd478531d8361126335b04afe8d56a098f

CVE, Research URL: 6f351bbd478531d8361126335b04afe8d56a098f
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 31, 2014
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.1.6 All in One SEO <= 2.1.5 - Cross-Site Scripting The All in One SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SEO settings for posts in versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.1.6.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 9c76c04d-3c4e-4a06-ab7e-054bc21c55fc

CVE, Research URL: 9c76c04d-3c4e-4a06-ab7e-054bc21c55fc
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: -
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.2.6.2 wpscan.com
Affected versions: max 2.2.6.2.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 975a2669a2db11f3fa8a69746c8be9253d8a060f

CVE, Research URL: 975a2669a2db11f3fa8a69746c8be9253d8a060f
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Jul 01, 2016
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.3.7 All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 2.3.6 - Stored Cross-Site Scripting The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_REFERER header in versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.3.7.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 3ba807ccfacfcb7a0533e3c9d7970536d7380445

CVE, Research URL: 3ba807ccfacfcb7a0533e3c9d7970536d7380445
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Oct 18, 2018
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.10 All in One SEO <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting The All in One SEO plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including 2.9.1.1, via post meta values. This makes it possible for attackers with Contributor level permissions and above to inject arbitrary web scripts in administrative pages that execute whenever a user accesses the page with the stored web scripts.
Affected versions: max 2.10.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # a32fbfc28c93ef3110ed89cda027e1f3df613f67

CVE, Research URL: a32fbfc28c93ef3110ed89cda027e1f3df613f67
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: Jul 13, 2016
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.3.8 All in One SEO Pack <= 2.3.7 - Unauthenticated Stored Cross-Site Scripting The All in One SEO Pack plugin for WordPress is vulnerable to unauthenticated stored Cross-Site Scripting via unspecified vectors that make it possible for attackers to inject arbitrary web scripts into web pages that will execute when a victim accesses the page in versions up to, and including, 2.3.7. Please note that this exploit only works if the user has enabled the sitemap module in the plugin.
Affected versions: max 2.3.8.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # cf9a6262a1b6cbbfceb42f683a61bda04835f180

CVE, Research URL: cf9a6262a1b6cbbfceb42f683a61bda04835f180
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 31, 2014
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.2.5 All in One SEO <= 2.2.4.1 - Privilege Escalation to Arbitrary Post Modification The All in One SEO plugin for WordPress is vulnerable to Authenticated Privilege Escalation leading to Post Changes in versions up to, and including, 2.2.4.1. This is due to certain actions being available to low-privileged users. This makes it possible for Subscriber-level attackers to add or modify certain parameters used by the plugin. This includes the post’s SEO title, description and keyword meta tags. This could be used to decrease a site's Search Engine Results Page (SERP) ranking.
Affected versions: max 2.2.5.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 845a890f-1c56-4075-a717-c9627586cbbe

CVE, Research URL: 845a890f-1c56-4075-a717-c9627586cbbe
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: -
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.1.6 All in One SEO Pack <= 2.1.5 - aioseop_functions.php new_meta Parameter XSS The All in One SEO Pack WordPress plugin was affected by an aioseop_functions.php new_meta Parameter XSS security vulnerability.
Affected versions: max 2.1.6.
Status: vulnerable

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic # 8327743a0a9105aea318021a17da44155e980487

CVE, Research URL: 8327743a0a9105aea318021a17da44155e980487
Home page URL: Security reports for All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Application: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Date: May 31, 2014
Research Description: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic [all-in-one-seo-pack] < 2.1.6 All in One SEO <= 2.1.5 - Missing Authorization The All in One SEO plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the aioseop_ajax_save_meta() function in versions up to, and including, 2.1.5. This makes it possible for authenticated attackers with subscriber level permissions and above to modify some of the SEO settings of the plugin for any given post.
Affected versions: max 2.1.6.
Status: vulnerable