Normal view

Received before yesterday

All In One SEO Plugin Flaw Exposes AI Token to Low-Privilege WordPress Users

✇Cybersecurity News and Magazine
By:Ashish Khaitan
19 January 2026 at 06:09

All In One SEO

A newly disclosed security vulnerability in the All In One SEO ecosystem has drawn attention across the WordPress community due to its potential reach and impact. The flaw affects the widely used AIOSEO plugin, which is active on more than 3 million WordPress websites. It allows low-privileged users to access a site-wide AI access token tied to the plugin’s artificial intelligence features.  The issue adds to a growing list of security problems involving All In One SEO in 2025. According to security researchers, this is the sixth vulnerability disclosed for the plugin this year, raising concerns about recurring authorization and permission-related weaknesses. 

All In One SEO and the AIOSEO Plugin in WordPress 

The AIOSEO plugin is one of the most popular SEO tools in the WordPress ecosystem. It helps site owners manage essential optimization tasks such as generating metadata, creating XML sitemaps, adding structured data, and improving on-page SEO performance.  In recent versions, All In One SEO also introduced AI-powered tools designed to help users write SEO titles, meta descriptions, blog posts, FAQs, social media content, and generate images. These AI features rely on a global AI access token that allows the plugin to communicate with external AIOSEO AI services on behalf of the site. 

Missing Capability Check in the AIOSEO Plugin 

The vulnerability was traced to a missing permission check in a REST API endpoint used by the All In One SEO plugin. According to Wordfence, the issue allowed users with Contributor-level access or higher to retrieve sensitive AI-related data.  This endpoint is intended to return information about a site’s AI usage and remaining credits. However, it failed to verify whether the user making the request was authorized to view that information. As a result, the plugin exposed the site’s global AI access token to low-privilege users. 

Why Low-Privilege Access Is a Serious Issue in WordPress 

Contributor is one of the lowest privilege roles in WordPress. Many websites grant Contributor access to guest authors, freelancers, or editorial staff so they can submit drafts for review.  By exposing a site-wide AI token to these users, All In One SEO effectively allowed broad access to a credential that controls AI functionality across the entire site. That token could be misused in several ways. 

Potential Risks of the All In One SEO Vulnerability 

While the vulnerability does not enable direct code execution, it still presents meaningful risks: 
  • Unauthorized AI usage: The exposed token could be used to generate AI content through the affected WordPress site, consuming available credits. 
  • Service depletion: An attacker could automate AI requests to exhaust the site’s AI quota, preventing administrators from using those features. 
  • Billing and resource concerns: Even without direct financial theft, misuse of AI credits could lead to unexpected costs or disrupted workflows. 

How the AIOSEO Plugin Vulnerability Was Fixed 

The vulnerability affects all versions of All In One SEO up to and including version 4.9.2. It was addressed in version 4.9.3. In the official plugin changelog, the developers described the fix as:  “Hardened API routes to prevent AI access token from being exposed.”  This change directly resolves the missing permission check identified in the REST API endpoint. 

What WordPress Site Owners Should Do Now 

Anyone using All In One SEO on a WordPress site should update to version 4.9.3 or newer as soon as possible. Sites that allow multiple Contributors or external collaborators face a higher risk, as low-privilege accounts could access the AI token on vulnerable versions.  Regularly updating WordPress plugins, especially those like AIOSEO, which integrate AI services and external APIs, remains one of the most effective ways to reduce exposure to security risks. 
❌