WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic

2021-12-14
All In One SEO < 4.1.5.3 - Authenticated SQL Injection
Fixed in version 4.1.5.3
2021-12-14
All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation
Fixed in version 4.1.5.3
2021-05-09
All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize
Fixed in version 4.1.0.2
2020-07-16
All in One SEO Pack < 3.6.2 - Authenticated Stored Cross-Site Scripting
Fixed in version 3.6.2
2019-10-16
All In One SEO Pack < 3.2.7 - Stored Cross-Site Scripting (XSS)
Fixed in version 3.2.7
2018-12-04
All in One SEO Pack <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting (XSS)
Fixed in version 2.10
2016-07-13
All in One SEO Pack <= 2.3.7 - Unauthenticated Stored Cross-Site Scripting (XSS)
Fixed in version 2.3.8
2016-07-10
All in One SEO Pack <= 2.3.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
Fixed in version 2.3.7
2015-04-20
All in One SEO Pack <= 2.2.6.1 - Cross-Site Scripting (XSS)
Fixed in version 2.2.6.2
2015-03-31
All in One SEO Pack <= 2.2.5.1 - Information Disclosure
Fixed in version 2.2.6
2014-08-01
All in One SEO Pack <= 2.1.5 - aioseop_functions.php new_meta Parameter XSS
Fixed in version 2.1.6
2014-08-01
All in One SEO Pack <= 2.1.5 - Unspecified Privilege Escalation
Fixed in version 2.1.6
2014-08-01
All in One SEO Pack <= 2.0.3 - XSS
Fixed in version 2.0.3.1