Approved changes feed: RSS · Atom

cpe:2.3:a:aioseo:all_in_one_seo:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorAioseo (46628f31-a78e-5b2b-abb4-1374721effc3)
ProductAll In One Seo (60b4e943-f00b-5f29-9f5b-48a87d922491)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-2892 vulnerable 2026-06-08 07:16:58.604561 All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL
MEDIUM (6.4)
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-05-19T04:21:41.468Z
Updated: 2026-04-08T17:03:26.113Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3554 vulnerable 2026-06-08 06:41:53.573423 All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
MEDIUM (6.4)
The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-05-02T16:51:54.079Z
Updated: 2026-04-08T16:43:07.450Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3368 vulnerable 2026-06-08 06:41:53.033825 All in One SEO < 4.6.1.1 - Contributor+ Stored XSS
The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Published: 2024-05-20T06:00:01.083Z
Updated: 2025-03-14T17:20:36.410Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0586 vulnerable 2026-06-08 05:52:31.973676 All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
MEDIUM (6.4)
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-02-24T14:47:02.730Z
Updated: 2026-04-08T16:38:26.630Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0585 vulnerable 2026-06-08 05:52:31.972415 All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
MEDIUM (4.4)
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-02-24T14:46:43.084Z
Updated: 2026-04-08T16:47:44.493Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-42494 vulnerable 2026-06-08 05:49:30.108854 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-38093 vulnerable 2026-06-08 05:47:15.698497 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25037 vulnerable 2026-06-08 05:30:39.843070 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25036 vulnerable 2026-06-08 05:30:39.842606 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24307 vulnerable 2026-06-08 05:30:04.156065 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.