Medium severity4.3NVD Advisory· Published Jan 16, 2026· Updated Apr 15, 2026
CVE-2025-14384
CVE-2025-14384
Description
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /aioseo/v1/ai/credits REST route in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to disclose the global AI access token.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=4.9.2
- All in One SEO/All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Trafficllm-createRange: <=4.9.2
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.