WordPress Plugin Vulnerabilities

All In One SEO Pack < 4.8.7.2 - Contributor+ Sensitive Information Exposure

Description

The plugin is vulnerable to Sensitive Information Exposure. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
all-in-one-seo-pack
Fixed in 4.8.7.2

References

CVE
CVE-2025-58649
URL
https://patchstack.com/database/wordpress/plugin/all-in-one-seo-pack/vulnerability/wordpress-all-in-one-seo-pack-plugin-4-8-7-sensitive-data-exposure-vulnerability

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Abu Hurayra
Verified
No
WPVDB ID
99e52382-5fa5-4c42-8248-91d9f0bb01c4

Timeline

Publicly Published
2025-09-22 (about 7 months ago)
Added
2025-09-29 (about 7 months ago)
Last Updated
2025-10-07 (about 7 months ago)

Other

Published
Title
Published
2025-03-04
Title
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More < 2.6.0 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
Published
2025-01-03
Title
WP SecureSubmit <= 1.5.20 - Unauthenticated Sensitive Information Exposure
Published
2024-01-16
Title
SalesKing < 1.6.30 - Unauthenticated Sensitive Information Exposure
Published
2025-12-22
Title
WooCommerce - Subscriber/Customer+ Order Data Disclosure
Published
2024-08-12
Title
Store Locator Plus <= 2311.17.01 - Unauthenticated Sensitive Information Exposure