All In One Seo
Approved changes feed: RSS · Atom
cpe:2.3:a:aioseo:all_in_one_seo:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Aioseo (46628f31-a78e-5b2b-abb4-1374721effc3) |
|---|---|
| Product | All In One Seo (60b4e943-f00b-5f29-9f5b-48a87d922491) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-2892 |
vulnerable | 2026-06-08 07:16:58.604561 |
All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL
MEDIUM (6.4)
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-05-19T04:21:41.468Z
Updated: 2026-04-08T17:03:26.113Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3554 |
vulnerable | 2026-06-08 06:41:53.573423 |
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
MEDIUM (6.4)
The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-05-02T16:51:54.079Z
Updated: 2026-04-08T16:43:07.450Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3368 |
vulnerable | 2026-06-08 06:41:53.033825 |
All in One SEO < 4.6.1.1 - Contributor+ Stored XSS
The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Published: 2024-05-20T06:00:01.083Z
Updated: 2025-03-14T17:20:36.410Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0586 |
vulnerable | 2026-06-08 05:52:31.973676 |
All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
MEDIUM (6.4)
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-02-24T14:47:02.730Z
Updated: 2026-04-08T16:38:26.630Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0585 |
vulnerable | 2026-06-08 05:52:31.972415 |
All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
MEDIUM (4.4)
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-02-24T14:46:43.084Z
Updated: 2026-04-08T16:47:44.493Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-42494 |
vulnerable | 2026-06-08 05:49:30.108854 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38093 |
vulnerable | 2026-06-08 05:47:15.698497 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25037 |
vulnerable | 2026-06-08 05:30:39.843070 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25036 |
vulnerable | 2026-06-08 05:30:39.842606 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24307 |
vulnerable | 2026-06-08 05:30:04.156065 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.