VYPR
Vendor

Aioseo

Products
2
CVEs
8
Across products
8
Status
Private

Products

2

Recent CVEs

8
  • CVE-2025-1264MedApr 6, 2025
    risk 0.42cvss 6.5epss 0.00

    The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to SQL Injection via the 'orderBy' parameter in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack…

  • CVE-2024-3554MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.6.0 due to insufficient input sanitization…

  • CVE-2023-0586MedFeb 24, 2023
    risk 0.42cvss 6.4epss 0.03

    The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with…

  • CVE-2023-0585MedFeb 24, 2023
    risk 0.29cvss 4.4epss 0.01

    The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with…

  • CVE-2026-5075MedMay 20, 2026
    risk 0.21cvss 4.3epss 0.00

    The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script() in post editor contexts without…

  • CVE-2025-2892May 19, 2025
    risk 0.00cvss epss 0.00

    The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient…

  • CVE-2024-3368May 20, 2024
    risk 0.00cvss epss 0.00

    The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

  • CVE-2022-42494Nov 8, 2022
    risk 0.00cvss epss 0.01

    Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.