All In One SEO WordPress Vulnerability Impacts Over 3 Million Websites

By Admin
January 16, 2026
A security vulnerability was found in the popular All in One SEO (AIOSEO) WordPress plugin that made it possible for low-privileged users to read a site's global AI access token. With that token, an attacker could misuse the plugin's artificial intelligence features, generating content or consuming AI credits billed to the affected site's AIOSEO account. The plugin is installed on more than 3 million WordPress websites, making the exposure significant.

All in One SEO WordPress Plugin (AIOSEO)

All in One SEO is one of the most widely used WordPress SEO plugins, installed on over 3 million websites. It helps site owners manage search engine optimization tasks such as generating metadata, creating XML sitemaps, adding structured data, and providing AI-powered tools that assist with writing titles, descriptions, blog posts, FAQs and social media posts, and with generating images.

These AI features rely on a site-wide AI access token that allows the plugin to communicate with AIOSEO's external AI services.

Missing Capability Check

According to Wordfence, the vulnerability was caused by a missing permission check on a specific REST API endpoint used by the plugin, which allowed users with Contributor-level access to view the global AI access token.

In the context of a WordPress website, an API (Application Programming Interface) is like a bridge between the WordPress site and other software applications (including external apps such as AIOSEO's AI content generator) that lets them securely communicate and share data with one another. A REST endpoint is a URL that exposes an interface to functionality or data.

The flaw was in the following REST API endpoint:

/aioseo/v1/ai/credit

That endpoint is meant to return information about a site's AI usage and remaining credits. However, it did not verify whether the user making the request was actually allowed to see that data. AIOSEO's plugin did not perform a capability check to confirm whether someone logged in with Contributor-level access should have access to that data.

Because of that, any logged-in user with Contributor-level access or higher could call the endpoint and retrieve the site's global AI access token.

Wordfence describes the flaw like this:

“This makes it possible for authenticated attackers, with Contributor-level access and above, to expose the global AI access token.”

The problem was that the implementation of the REST API endpoint did not perform a permission check, which enabled someone with Contributor-level access to see sensitive data.

In WordPress, REST API routes are supposed to include capability checks that ensure only authorized users can access them. In this case, that check was missing, so the plugin treated Contributors the same as administrators when returning the AI token.
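As an added illustration (this is not AIOSEO's own code), the following shows where a WordPress REST route's permission check lives: the permission_callback passed to register_rest_route(), which WordPress evaluates before the handler runs. The route path is the one named in the article; the handler, the option names and the example_ prefix are assumptions. The commented-out registration reproduces the class of flaw described (a permission callback that admits every authenticated user), and the live registration is the hardened form that requires the manage_options capability.

```php
<?php
// Added example, not AIOSEO's code. Route path as in the article; the
// handler, option names and the example_ prefix are assumptions.

// Hypothetical handler: returns the site's AI credit information. In the
// vulnerable pattern the site-wide token is part of this response body,
// so whoever can reach the handler receives the token.
function example_ai_credits_handler( WP_REST_Request $request ) {
    return rest_ensure_response( array(
        'credits_remaining' => (int) get_option( 'example_ai_credits', 0 ),
        'access_token'      => get_option( 'example_ai_access_token', '' ),
    ) );
}

// Hardened permission callback: only users who may manage the site can read
// the credits/token data. A Contributor fails current_user_can() and gets
// an error object with a 401/403 status instead of the token.
function example_ai_credits_permission( WP_REST_Request $request ) {
    if ( current_user_can( 'manage_options' ) ) {
        return true;
    }
    return new WP_Error(
        'rest_forbidden',
        'Sorry, you are not allowed to view AI credit information.',
        array( 'status' => rest_authorization_required_code() )
    );
}

add_action( 'rest_api_init', function () {
    // VULNERABLE PATTERN (kept as a comment for contrast; do not register it):
    //
    // register_rest_route( 'aioseo/v1', '/ai/credit', array(
    //     'methods'             => WP_REST_Server::READABLE,
    //     'callback'            => 'example_ai_credits_handler',
    //     'permission_callback' => '__return_true', // every request passes
    // ) );
    //
    // __return_true means any logged-in user who can reach the REST API,
    // a Contributor included, receives the access_token field.

    // HARDENED: WordPress calls the permission callback before the handler,
    // so a Contributor never reaches the code that reads the token.
    register_rest_route( 'aioseo/v1', '/ai/credit', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_ai_credits_handler',
        'permission_callback' => 'example_ai_credits_permission',
    ) );
} );
```

With the hardened registration, a Contributor requesting GET /wp-json/aioseo/v1/ai/credit receives a rest_forbidden error rather than the token, and example_ai_credits_handler() is never executed. A further design check a reviewer would raise: a site-wide secret that the browser does not actually need should not be in any REST response at all, regardless of who is asking.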

Why The Vulnerability Is Problematic

In WordPress, the Contributor role is one of the lowest privilege levels. Many sites grant Contributor-level access to several people so that they can submit article drafts for review and publication.

By exposing the global AI token to those users, the plugin may have effectively handed out a site-wide credential that controls access to its AI features. That token could be used for:

1. Unauthorized AI Usage
The token functions as a site-wide credential that authorizes AI requests. If an attacker obtains it, they could potentially use it to generate AI content through the affected site's account, consuming whatever credits or usage limits are associated with that token.

2. Service Depletion
An attacker could automate requests using the exposed token to exhaust the site's available AI quota. That could prevent site administrators from using the AI features they rely on, effectively creating a denial of service for the plugin's AI tools.

Although the vulnerability does not allow direct code execution, leaking a site-wide API token still represents a potential billing risk.

Part Of A Broader Pattern Of Vulnerabilities

This isn't the first time All In One SEO has shipped with vulnerabilities related to missing authorization or low-privilege access. According to Wordfence, the plugin has had six vulnerabilities disclosed in 2025 alone, many of which allowed Contributor- or Subscriber-level users to access or modify data they should not have been able to reach.

These issues included SQL injection, information disclosure, arbitrary media deletion, missing authorization checks, sensitive data exposure, and stored cross-site scripting. The recurring theme across these reports is improper permission enforcement for low-privilege users, the same underlying class of flaw that led to the AI token exposure in this case.

Six vulnerabilities in a single year is a high number for an SEO plugin. The Yoast SEO plugin had zero vulnerabilities in 2025, RankMath had 4 vulnerabilities in 2025 and Squirrly SEO had only three vulnerabilities in 2025.

[Screenshot: Six AIOSEO Vulnerabilities In 2025]


How The Vulnerability Was Fixed

The vulnerability affects all versions of All in One SEO up to and including 4.9.2. It was addressed in version 4.9.3, which included a security update described in the official plugin changelog by the plugin developers as:

“Hardened API routes to prevent AI access token from being exposed.”

That change corresponds directly to the REST API flaw identified by Wordfence.

What Site Owners Should Do

Anyone running All in One SEO should update to version 4.9.3 or newer as soon as possible. Sites that allow multiple external contributors are especially exposed, since low-privilege accounts could access the site's AI token on vulnerable versions.
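For a site that cannot apply the update immediately, the following added example (not part of AIOSEO and not from the article) shows an interim guard a site owner could place in wp-content/mu-plugins: it refuses and logs any request to the route named in the article from a user who lacks the manage_options capability, using WordPress's rest_request_before_callbacks filter. The route path comes from the article; the plugin name, the log line format and the function names are assumptions. Updating to 4.9.3 or newer remains the actual fix; this only narrows exposure and gives the error log a record of who tried.

```php
<?php
/**
 * Plugin Name: Example AI route guard (added illustration, not AIOSEO code)
 * Description: Interim guard: deny and log non-administrator requests to the
 *              AI credits REST route named in the article.
 */

// Route path as given in the article (no /wp-json prefix; WordPress stores
// matched routes with a leading slash).
const EXAMPLE_GUARDED_ROUTE = '/aioseo/v1/ai/credit';

// rest_request_before_callbacks runs after the request is matched to a route
// but before its permission callback and handler. Returning a WP_Error from
// it short-circuits the request, so the handler never runs.
add_filter( 'rest_request_before_callbacks', function ( $response, $handler, $request ) {
    if ( $request->get_route() !== EXAMPLE_GUARDED_ROUTE ) {
        return $response; // not the route we care about; leave untouched
    }

    if ( current_user_can( 'manage_options' ) ) {
        return $response; // administrators keep using the feature normally
    }

    // Detection: record the denied attempt in the PHP error log so that
    // log monitoring can alert on repeated attempts from one account.
    $user = wp_get_current_user();
    error_log( sprintf(
        'example-ai-route-guard: denied %s %s for user #%d (%s)',
        $request->get_method(),
        $request->get_route(),
        $user->ID,
        $user->user_login !== '' ? $user->user_login : 'anonymous'
    ) );

    // Mitigation: refuse the request with the same status WordPress uses
    // for unauthorized REST calls (401 when logged out, 403 when logged in).
    return new WP_Error(
        'rest_forbidden',
        'Sorry, you are not allowed to do that.',
        array( 'status' => rest_authorization_required_code() )
    );
}, 10, 3 );
```

After dropping the file into wp-content/mu-plugins, a Contributor calling the route receives the rest_forbidden error and a line such as "example-ai-route-guard: denied GET /aioseo/v1/ai/credit for user #12 (contrib1)" appears in the PHP error log (constructed sample), while administrators are unaffected. Remove the guard once the plugin is updated, so it does not mask the real fix.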

Featured Image by Shutterstock/Shutterstock AI Generator
