Critical Vulnerability in All In One SEO Plugin Impacts 3M+ WordPress Sites

Summary
– A security vulnerability in the All in One SEO (AIOSEO) WordPress plugin allowed low-privileged users, like Contributors, to access a site’s global AI access token.
– The flaw was a missing permission check on a specific REST API endpoint (`/aioseo/v1/ai/credits`) meant to return AI usage and credit information.
– An exposed token could let attackers misuse AI features to generate unauthorized content or deplete the site’s AI service credits, posing a billing and denial-of-service risk.
– This is part of a broader pattern, as AIOSEO has had six vulnerabilities disclosed in 2025 alone, often related to improper permission checks for low-privilege users.
– The vulnerability was fixed in version 4.9.3, and site owners are urged to update immediately, especially those with many external contributors.
A significant security flaw has been identified in the widely used All in One SEO plugin for WordPress, potentially affecting over three million websites. This vulnerability allowed users with minimal permissions to obtain a site’s global AI access token, which could be exploited to generate unauthorized content or deplete the site’s allocated AI service credits without proper authorization.
All in One SEO is a premier tool for WordPress site optimization, assisting with tasks like metadata creation, sitemap generation, and providing AI-driven writing aids. These advanced AI functionalities depend on a centralized access token to communicate with external services. The security issue stemmed from a missing capability check on a specific REST API endpoint within the plugin. This endpoint, designed to report AI usage and credit details, did not verify whether the requesting user had appropriate permissions. Consequently, any logged-in user with at least Contributor-level access could call this endpoint and retrieve the sensitive global AI token.
In WordPress environments, the Contributor role is a basic permission level often granted to individuals who submit content drafts. By exposing the site-wide credential to these users, the plugin inadvertently created several risks. An attacker could use the token for unauthorized AI usage, generating content and consuming credits linked to the site’s account. Furthermore, they could automate requests to exhaust the AI service quota, creating a denial-of-service condition for the legitimate site administrators. While this flaw does not permit direct code execution, it presents a clear billing and operational threat.
This incident is part of a concerning trend for the plugin. Security researchers note that All in One SEO has had six vulnerabilities disclosed in 2025 alone, a notably high number compared to other major SEO plugins. These previous issues, which included problems like SQL injection and data exposure, often shared a common root: inadequate permission checks for users with lower-level access.
The developers have resolved the vulnerability in version 4.9.3 of the plugin. The update specifically hardens the API routes to prevent the AI access token from being exposed. It is critical for all site administrators using this plugin to update to version 4.9.3 or newer immediately. This is especially urgent for sites that provide access to numerous contributors or authors, as they were at heightened risk on the older, vulnerable versions.
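To make the bug class concrete, here is an added PHP illustration of a WordPress REST route like the one described above, with the hardened registration and a handler that keeps the site-wide token out of the response. This is not All in One SEO's own code: the function names, the `manage_options` capability, and the option names holding usage data and the token are assumptions.

```php
<?php
// Added illustration, not All in One SEO's own code. Shows a REST route that
// reports AI credit data, registered WITH the capability check the article
// says was missing. Function names, the manage_options capability and the
// option names (example_ai_usage, example_ai_access_token) are assumptions.

// Handler returning usage and credit figures. The site-wide token stays on the
// server; only the fields a client legitimately needs are serialised.
function example_ai_credits_handler( WP_REST_Request $request ) {
    $usage = get_option( 'example_ai_usage', array( 'used' => 0, 'remaining' => 0 ) );
    return rest_ensure_response( array(
        'used'      => (int) $usage['used'],
        'remaining' => (int) $usage['remaining'],
        // Deliberately NOT included: get_option( 'example_ai_access_token' ).
        // Even with a correct permission check, a credential should not be
        // echoed to clients that only need usage numbers.
    ) );
}

// Permission callback: the piece whose absence caused the exposure. WordPress
// runs it before the handler; a false or WP_Error result yields 401/403 and the
// handler never executes. Contributors lack manage_options, so they are denied.
// A check that only requires the user to be logged in (is_user_logged_in())
// would NOT be enough: a Contributor is logged in.
function example_ai_credits_permission( WP_REST_Request $request ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to view AI credit information.',
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'aioseo/v1', '/ai/credits', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_ai_credits_handler',
        // The vulnerable form of this line is 'permission_callback' => '__return_true'
        // (or omitting it), which lets any request through to the handler.
        'permission_callback' => 'example_ai_credits_permission',
    ) );
} );
```

Auditing a plugin for this pattern means listing every `register_rest_route` call and confirming each `permission_callback` checks a capability appropriate to the data the handler returns, not merely that a user is logged in.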
(Source: Search Engine Journal)