WordPress Plugin Vulnerabilities

All In One SEO Pack < 4.8.7 - Subscriber+ Information Exposure

Description

The plugin is vulnerable to Sensitive Information Exposure. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
all-in-one-seo-pack
Fixed in 4.8.7

References

CVE
CVE-2025-64295
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d77a47e9-0d34-4a88-a913-74a8ef972f9b

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Abu Hurayra (HurayraIIT)
Verified
No
WPVDB ID
04376c90-1430-408d-ac3c-32bb7cc15877

Timeline

Publicly Published
2025-11-26 (about 5 months ago)
Added
2025-12-21 (about 4 months ago)
Last Updated
2025-12-21 (about 4 months ago)

Other

Published
Title
Published
2024-07-31
Title
CTT Expresso para WooCommerce < 3.2.13 - Information Exposure via Unprotected Directory
Published
2025-01-08
Title
WP Database Backup < 7.4 - Unauthenticated Database Back-Up Exposure
Published
2025-01-06
Title
Duplicate Post, Page and Any Custom Post < 3.5.6 - Authenticated (Contributor+) Post Disclosure via Post Duplication
Published
2026-04-29
Title
Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure
Published
2025-02-04
Title
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto < 8.0.9 - Unauthenticated Sensitive Information Exposure