VYPR

All In One Seo Pack

by WordPress

CVEs (14)

  • CVE-2025-67950 | High | Dec 16, 2025
    risk 0.55 | cvss 8.5 | epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection. This issue affects All In One SEO Pack: from n/a through <= 4.9.1.

  • CVE-2025-64295 | Medium | Dec 18, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data. This issue affects All In One SEO Pack: from n/a through <= 4.8.6.1.

  • CVE-2023-0586 | Medium | Feb 24, 2023
    risk 0.42 | cvss 6.4 | epss 0.03

    The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with…

  • CVE-2025-58650 | Medium | Sep 22, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All In One SEO Pack: from n/a through <= 4.8.7.1.

  • CVE-2023-0585 | Medium | Feb 24, 2023
    risk 0.29 | cvss 4.4 | epss 0.01

    The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with…

  • CVE-2025-12847 | Medium | Nov 15, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST…

  • CVE-2026-5075 | Medium | May 20, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script() in post editor contexts without…

  • CVE-2025-14384 | Medium | Jan 16, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/aioseo/v1/ai/credits` REST route in all versions up to, and including, 4.9.2. This…

  • CVE-2021-25037 | Jan 17, 2022
    risk 0.00 | cvss | epss 0.01

    The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g.,…

  • CVE-2021-25036 | Jan 17, 2022
    risk 0.00 | cvss | epss 0.03

    The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could…

  • CVE-2020-35946 | Jan 1, 2021
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.

  • CVE-2013-5988 | Feb 11, 2020
    risk 0.00 | cvss | epss 0.01

    A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter.

  • CVE-2019-16520 | Oct 16, 2019
    risk 0.00 | cvss | epss 0.02

    The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.

  • CVE-2015-0902 | Apr 3, 2015
    risk 0.00 | cvss | epss 0.03

    The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.