All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic

Information

Software Type Plugin
Software Slug all-in-one-seo-pack (view on wordpress.org)
Software Status Active
Software Author smub
Software Website aioseo.com
Software Downloads 147,356,500
Software Active Installs 3,000,000
Software Record Last Updated April 26, 2024

17 Vulnerabilities

All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2023-0586
Feb 24, 2023
Researcher: Ivan Kuzymchak
All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-0585
Feb 24, 2023
Researchers: Marco Wotschka, Ivan Kuzymchak
All in One SEO <= 4.2.3.1 - Cross-Site Request Forgery
8.8
CVE-2022-38093
Sep 5, 2022
Researcher: Rafie Muhammad
All in One SEO 4.1.3.1 - 4.1.5.2 - Authenticated SQL Injection
9.6
CVE-2021-25037
Dec 14, 2021
Researcher: Marc-Alexandre Montpas
All in One SEO 4.0.0 - 4.1.5.2 Authorization Bypass
8.8
CVE-2021-25036
Dec 14, 2021
Researcher: Marc-Alexandre Montpas
All in One SEO <= 4.1.0.1 - Authenticated Code Injection
8.8
CVE-2021-24307
May 9, 2021
Researcher: Vincent MICHEL
All in One SEO Pack <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2020-35946
Jul 16, 2020
Researcher: Chloe Chamberland
All In One SEO Pack <= 3.2.6 - Stored Cross-Site Scripting
6.4
CVE-2019-16520
Oct 16, 2019
Researcher: Tobias Fink
All in One SEO <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting
6.4
CVE ID Unknown
Oct 18, 2018
Researcher: RIPS Technologies
All in One SEO Pack <= 2.3.7 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE ID Unknown
Jul 13, 2016
Researcher: Panagiotis Vagenas
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 2.3.6 - Stored Cross-Site Scripting
7.2
CVE ID Unknown
Jul 1, 2016
Researcher: David Vaartjes
All in One SEO <= 2.2.6.1 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Apr 20, 2015
Researchers:
All in One SEO <= 2.2.5.1 - Information Disclosure
5.3
CVE-2015-0902
Mar 31, 2015
Researcher: Fumito MIZUNO
All in One SEO <= 2.0.3 - Cross-Site Scripting via Search Parameter
6.1
CVE-2013-5988
Aug 1, 2014
Researchers: Charlie Briggs, Richard Clifford
All in One SEO <= 2.1.5 - Missing Authorization
6.3
CVE ID Unknown
May 31, 2014
Researcher: Marc-Alexandre Montpas
All in One SEO <= 2.1.5 - Cross-Site Scripting
6.4
CVE ID Unknown
May 31, 2014
Researcher: Marc-Alexandre Montpas
All in One SEO <= 2.2.4.1 - Privilege Escalation to Arbitrary Post Modification
4.3
CVE ID Unknown
May 31, 2014
Researcher: Marc-Alexandre Montpas
Title CVE ID CVSS Researchers Date
All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-0586 6.4 Ivan Kuzymchak February 24, 2023
All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-0585 4.4 Marco Wotschka, Ivan Kuzymchak February 24, 2023
All in One SEO <= 4.2.3.1 - Cross-Site Request Forgery CVE-2022-38093 8.8 Rafie Muhammad September 5, 2022
All in One SEO 4.1.3.1 - 4.1.5.2 - Authenticated SQL Injection CVE-2021-25037 9.6 Marc-Alexandre Montpas December 14, 2021
All in One SEO 4.0.0 - 4.1.5.2 Authorization Bypass CVE-2021-25036 8.8 Marc-Alexandre Montpas December 14, 2021
All in One SEO <= 4.1.0.1 - Authenticated Code Injection CVE-2021-24307 8.8 Vincent MICHEL May 9, 2021
All in One SEO Pack <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2020-35946 6.4 Chloe Chamberland July 16, 2020
All In One SEO Pack <= 3.2.6 - Stored Cross-Site Scripting CVE-2019-16520 6.4 Tobias Fink October 16, 2019
All in One SEO <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting 6.4 RIPS Technologies October 18, 2018
All in One SEO Pack <= 2.3.7 - Unauthenticated Stored Cross-Site Scripting 7.2 Panagiotis Vagenas July 13, 2016
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 2.3.6 - Stored Cross-Site Scripting 7.2 David Vaartjes July 1, 2016
All in One SEO <= 2.2.6.1 - Reflected Cross-Site Scripting 6.1 April 20, 2015
All in One SEO <= 2.2.5.1 - Information Disclosure CVE-2015-0902 5.3 Fumito MIZUNO March 31, 2015
All in One SEO <= 2.0.3 - Cross-Site Scripting via Search Parameter CVE-2013-5988 6.1 Charlie Briggs, Richard Clifford August 1, 2014
All in One SEO <= 2.1.5 - Missing Authorization 6.3 Marc-Alexandre Montpas May 31, 2014
All in One SEO <= 2.1.5 - Cross-Site Scripting 6.4 Marc-Alexandre Montpas May 31, 2014
All in One SEO <= 2.2.4.1 - Privilege Escalation to Arbitrary Post Modification 4.3 Marc-Alexandre Montpas May 31, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation