Plugin icon

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

Vulnerabilities:

25

Last Updated:

January 8, 2026

Active Installs:

3000000

Published
Title
Fixed in
CVSS
Published
2026-01-15
Title
All in One SEO < 4.9.3 - Contributor+ AI Access Token and Credit Disclosure
Fixed in
Fixed in 4.9.3
CVSS
2.7 (low)
Published
2025-12-06
Title
All In One SEO Pack < 4.9.1.1 - Contributor+ SQL Injection
Fixed in
Fixed in 4.9.1.1
CVSS
6.8 (medium)
Published
2025-11-26
Title
All In One SEO Pack < 4.8.7 - Subscriber+ Information Exposure
Fixed in
Fixed in 4.8.7
CVSS
4.3 (medium)
Published
2025-11-14
Title
All in One SEO < 4.9.0 - Contributor+ Arbitrary Media Deletion
Fixed in
Fixed in 4.9.0
CVSS
2.7 (low)
Published
2025-09-22
Title
All In One SEO Pack < 4.8.7.2 - Contributor+ Sensitive Information Exposure
Fixed in
Fixed in 4.8.7.2
CVSS
2.7 (low)
Published
2025-09-22
Title
All In One SEO Pack < 4.8.7.2 - Missing Authorization
Fixed in
Fixed in 4.8.7.2
CVSS
3.8 (low)
Published
2025-05-18
Title
All in One SEO Pack < 4.8.2 - Contributor+ Stored XSS via Post Meta Description and Canonical URL
Fixed in
Fixed in 4.8.2
CVSS
5.9 (medium)
Published
2024-04-29
Title
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic < 4.6.1.1 - Contributor+ Stored Cross-Site Scripting via Shortcode
Fixed in
Fixed in 4.6.1.1
CVSS
6.4 (medium)
Published
2024-04-29
Title
All in One SEO < 4.6.1.1 - Contributor+ Stored XSS
Fixed in
Fixed in 4.6.1.1
CVSS
5.9 (medium)
Published
2023-02-24
Title
All in One SEO Pack < 4.3.0 - Admin+ Stored XSS
Fixed in
Fixed in 4.3.0
CVSS
3.1 (low)
Published
2023-02-24
Title
All in One SEO Pack < 4.3.0 - Contributor+ Stored XSS
Fixed in
Fixed in 4.3.0
CVSS
6.8 (medium)
Published
2022-09-05
Title
All in One SEO < 4.2.4 - Multiple CSRF
Fixed in
Fixed in 4.2.4
CVSS
4.3 (medium)
Published
2021-12-14
Title
All In One SEO < 4.1.5.3 - Authenticated SQL Injection
Fixed in
Fixed in 4.1.5.3
CVSS
7.7 (high)
Published
2021-12-14
Title
All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation
Fixed in
Fixed in 4.1.5.3
CVSS
9.9 (critical)
Published
2021-05-09
Title
All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize
Fixed in
Fixed in 4.1.0.2
CVSS
6.6 (medium)
Published
2020-07-16
Title
All in One SEO Pack < 3.6.2 - Authenticated Stored Cross-Site Scripting
Fixed in
Fixed in 3.6.2
CVSS
5.4 (medium)
Published
2019-10-16
Title
All In One SEO Pack < 3.2.7 - Stored Cross-Site Scripting (XSS)
Fixed in
Fixed in 3.2.7
CVSS
5.4 (medium)
Published
2018-12-04
Title
All in One SEO Pack < 2.10 - Authenticated Stored Cross-Site Scripting (XSS)
Fixed in
Fixed in 2.10
CVSS
n/a
Published
2016-07-13
Title
All in One SEO Pack <= 2.3.7 - Unauthenticated Stored Cross-Site Scripting (XSS)
Fixed in
Fixed in 2.3.8
CVSS
n/a
Published
2016-07-10
Title
All in One SEO Pack < 2.3.7 - Unauthenticated Stored Cross-Site Scripting (XSS)
Fixed in
Fixed in 2.3.7
CVSS
n/a
Published
2015-04-20
Title
All in One SEO Pack <= 2.2.6.1 - Cross-Site Scripting (XSS)
Fixed in
Fixed in 2.2.6.2
CVSS
n/a
Published
2015-03-31
Title
All in One SEO Pack < 2.2.6 - Information Disclosure
Fixed in
Fixed in 2.2.6
CVSS
n/a
Published
2014-08-01
Title
All in One SEO Pack <= 2.1.5 - Unspecified Privilege Escalation
Fixed in
Fixed in 2.1.6
CVSS
n/a
Published
2014-08-01
Title
All in One SEO Pack <= 2.1.5 - aioseop_functions.php new_meta Parameter XSS
Fixed in
Fixed in 2.1.6
CVSS
n/a
Published
2014-08-01
Title
All in One SEO Pack <= 2.0.3 - XSS
Fixed in
Fixed in 2.0.3.1
CVSS
6.1 (medium)