All-In-One Security (AIOS) – Security and Firewall

Software Type	Plugin
Software Slug	all-in-one-wp-security-and-firewall (view on wordpress.org)
Software Status	Active
Software Author	davidanderson
Software Website	wordpress.org
Software Downloads	26,516,929
Software Active Installs	1,000,000
Software Record Last Updated	April 18, 2024

Showing 1-20 of 26 Vulnerabilities

All In One WP Security <= 5.2.6 - Cross-Site Request Forgery to IP Blocking

4.3

CVE-2024-30468

Feb 8, 2024

Researcher: Ananda Dhakal

All-In-One Security (AIOS) – Security and Firewall <= 5.2.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-1037

Feb 6, 2024

Researcher: stealthcopter

All In One WP Security <= 5.2.4 - Protection Bypass of Renamed Login Page via URL Encoding

5.3

CVE-2023-52147

Oct 25, 2023

Researcher: Naveen Muthusamy

All In One WP Security 5.1.9 - Plaintext Storage of Credentials

5.9

CVE ID Unknown

Jul 11, 2023

Researchers:

All-In-One Security (AIOS) <= 5.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-0157

Mar 20, 2023

Researcher: Bartłomiej Marek

All-In-One Security (AIOS) <= 5.1.4 - Authenticated(Admin+) Directory Traversal

4.9

CVE-2023-0156

Feb 14, 2023

Researcher: Bartłomiej Marek

All-In-One Security <= 5.1.2 - Information Disclosure

5.3

CVE-2022-4346

Dec 9, 2022

Researcher: Daniel Ruf

All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery

8.8

CVE-2022-44737

Nov 22, 2022

Researcher: Rafie Muhammad

All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass

6.5

CVE-2022-4097

Nov 21, 2022

Researcher: Daniel Ruf

All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery

8.8

CVE ID Unknown

Nov 17, 2022

Researchers:

All In One WP Security & Firewall 5.0.0 - 5.0.7 - Protection Bypass via IP Spoofing

6.5

CVE ID Unknown

Sep 30, 2022

Researcher: Calvin Alkan

All In One WP Security & Firewall <= 4.4.10 - Open Redirect and Reflected Cross-Site Scripting

6.1

CVE-2021-25102

Apr 11, 2022

Researcher: ZhongFu Su

All In One WP Security & Firewall <= 4.4.5 - Cross-Site Scripting

6.1

CVE-2020-29171

Dec 24, 2020

Researchers:

All In One WP Security & Firewall <= 4.4.3 - Reflected Cross-Site Scripting

4.7

CVE ID Unknown

Sep 8, 2020

Researcher: Antony Garand

All In One WP Security & Firewall <= 4.0.8 - SQL Injection

9.8

CVE-2016-10887

Aug 14, 2019

Researchers:

All In One WP Security & Firewall <= 4.1.9 - Reflected Cross-Site Scripting

6.1

CVE-2016-10866

Nov 11, 2016

Researchers:

All In One WP Security & Firewall <= 4.1.2 - Captcha Bypass

5.3

CVE ID Unknown

Jul 31, 2016

Researcher: sumofpwn

All In One WP Security & Firewall <= 4.0.6 - SQL Injection

9.8

CVE-2016-10888

Apr 6, 2016

Researchers:

All In One WP Security & Firewall <= 4.0.5 - Cross-Site Scripting

6.1

CVE-2016-10867

Feb 23, 2016

Researchers:

All In One WP Security & Firewall <= 4.0.4 - Cross-Site Scripting

6.1

CVE-2016-10868

Feb 22, 2016

Researchers:

Title	CVE ID	CVSS	Researchers	Date
All In One WP Security <= 5.2.6 - Cross-Site Request Forgery to IP Blocking	CVE-2024-30468	4.3	Ananda Dhakal	February 8, 2024
All-In-One Security (AIOS) – Security and Firewall <= 5.2.5 - Reflected Cross-Site Scripting	CVE-2024-1037	6.1	stealthcopter	February 6, 2024
All In One WP Security <= 5.2.4 - Protection Bypass of Renamed Login Page via URL Encoding	CVE-2023-52147	5.3	Naveen Muthusamy	October 25, 2023
All In One WP Security 5.1.9 - Plaintext Storage of Credentials		5.9		July 11, 2023
All-In-One Security (AIOS) <= 5.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-0157	4.4	Bartłomiej Marek	March 20, 2023
All-In-One Security (AIOS) <= 5.1.4 - Authenticated(Admin+) Directory Traversal	CVE-2023-0156	4.9	Bartłomiej Marek	February 14, 2023
All-In-One Security <= 5.1.2 - Information Disclosure	CVE-2022-4346	5.3	Daniel Ruf	December 9, 2022
All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery	CVE-2022-44737	8.8	Rafie Muhammad	November 22, 2022
All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass	CVE-2022-4097	6.5	Daniel Ruf	November 21, 2022
All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery		8.8		November 17, 2022
All In One WP Security & Firewall 5.0.0 - 5.0.7 - Protection Bypass via IP Spoofing		6.5	Calvin Alkan	September 30, 2022
All In One WP Security & Firewall <= 4.4.10 - Open Redirect and Reflected Cross-Site Scripting	CVE-2021-25102	6.1	ZhongFu Su	April 11, 2022
All In One WP Security & Firewall <= 4.4.5 - Cross-Site Scripting	CVE-2020-29171	6.1		December 24, 2020
All In One WP Security & Firewall <= 4.4.3 - Reflected Cross-Site Scripting		4.7	Antony Garand	September 8, 2020
All In One WP Security & Firewall <= 4.0.8 - SQL Injection	CVE-2016-10887	9.8		August 14, 2019
All In One WP Security & Firewall <= 4.1.9 - Reflected Cross-Site Scripting	CVE-2016-10866	6.1		November 11, 2016
All In One WP Security & Firewall <= 4.1.2 - Captcha Bypass		5.3	sumofpwn	July 31, 2016
All In One WP Security & Firewall <= 4.0.6 - SQL Injection	CVE-2016-10888	9.8		April 6, 2016
All In One WP Security & Firewall <= 4.0.5 - Cross-Site Scripting	CVE-2016-10867	6.1		February 23, 2016
All In One WP Security & Firewall <= 4.0.4 - Cross-Site Scripting	CVE-2016-10868	6.1		February 22, 2016

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation