Introduction to the Vulnerability
A security vulnerability was discovered in the popular All in One SEO (AIOSEO) WordPress plugin. This vulnerability makes it possible for low-privileged users to access a site’s global AI access token, potentially allowing them to misuse the plugin’s artificial intelligence features. The plugin is installed on more than 3 million WordPress websites, making this a significant issue.
What is All in One SEO WordPress Plugin (AIOSEO)?
All in One SEO is one of the most widely used WordPress SEO plugins, installed on over 3 million websites. It helps site owners manage search engine optimization tasks such as generating metadata, creating XML sitemaps, adding structured data, and providing AI-powered tools that assist with writing titles, descriptions, blog posts, FAQs, and social media posts, and with generating images. Those AI features rely on a site-wide AI access token that allows the plugin to communicate with AIOSEO's external AI services.
Understanding the Vulnerability: Missing Capability Check
The vulnerability was caused by a missing permission check on a specific REST API endpoint used by the plugin. This enabled users with Contributor-level access to view the global AI access token. In the context of a WordPress website, an API (Application Programming Interface) acts as a bridge that lets the WordPress site and other software applications communicate and exchange data. A REST endpoint is a URL that exposes an interface to a piece of functionality or data.
The flaw was in the following REST API endpoint: /aioseo/v1/ai/credits. This endpoint is meant to return information about a site’s AI usage and remaining credits. However, it failed to verify whether the user making the request was actually allowed to see that data. Because of that, any logged-in user with Contributor-level access or higher could call the endpoint and retrieve the site’s global AI access token.
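To make the class of flaw concrete, the following PHP is an added illustration and not AIOSEO's own code: a REST route whose permission callback lets any caller through and whose handler echoes the site-wide token, beside a hardened registration that gates the route on an administrator capability and keeps the secret out of the response. The route namespace, option name and function names are assumed for the example.

```php
<?php
// Added illustration of a missing capability check on a WordPress REST route.
// This is NOT the AIOSEO plugin's code; namespace, option name and function
// names are assumed for the example.

// Vulnerable pattern: permission_callback accepts every request, so any
// authenticated low-privilege user (or even an anonymous visitor) can call the
// route, and the handler returns the site-wide secret in the JSON body.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/ai/credits', array(
        'methods'             => 'GET',
        'callback'            => 'example_ai_credits_leaky',
        'permission_callback' => '__return_true', // no capability check at all
    ) );
} );

function example_ai_credits_leaky( WP_REST_Request $request ) {
    $settings = get_option( 'example_ai_settings', array() ); // assumed option
    return rest_ensure_response( array(
        'credits'     => (int) ( $settings['credits'] ?? 0 ),
        'accessToken' => $settings['access_token'] ?? '', // secret leaks here
    ) );
}

// Hardened pattern: require an administrator-level capability before the
// handler runs, and never serialise the token; the browser client only needs
// to know whether one is configured.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/ai/credits-hardened', array(
        'methods'             => 'GET',
        'callback'            => 'example_ai_credits_hardened',
        'permission_callback' => function () {
            // manage_options is held by Administrators, not Contributors
            return current_user_can( 'manage_options' );
        },
    ) );
} );

function example_ai_credits_hardened( WP_REST_Request $request ) {
    $settings = get_option( 'example_ai_settings', array() );
    return rest_ensure_response( array(
        'credits'  => (int) ( $settings['credits'] ?? 0 ),
        'hasToken' => ! empty( $settings['access_token'] ), // boolean only
    ) );
}
```

With the hardened route, a request from a Contributor account receives a 403 rest_forbidden response from WordPress before the callback executes, and even an administrator's response contains no token value.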
Why the Vulnerability is Problematic
In WordPress, Contributor is one of the lowest-privilege roles. Many sites grant Contributor-level access to multiple people so that they can submit article drafts for review and publication. By exposing the global AI token to those users, the plugin may have effectively handed out a site-wide credential that controls access to its AI features. The exposed token could be abused in two ways:
- Unauthorized AI Usage: The token functions as a site-wide credential that authorizes AI requests. If an attacker obtains it, they could potentially use it to generate AI content through the affected site’s account, consuming whatever credits or usage limits are associated with that token.
- Service Depletion: An attacker could automate requests using the exposed token to exhaust the site’s available AI quota. That would prevent site administrators from using the AI features they rely on, effectively creating a denial of service for the plugin’s AI tools.
Part of a Broader Pattern of Vulnerabilities
This is not the first time All in One SEO has shipped with vulnerabilities related to missing authorization or low-privilege access. According to Wordfence, the plugin has had six vulnerabilities disclosed in 2025 alone, many of which allowed Contributor- or Subscriber-level users to access or modify data they should not have been able to reach. Those issues included SQL injection, information disclosure, arbitrary media deletion, missing authorization checks, sensitive data exposure, and stored cross-site scripting. The recurring theme across those reports is improper permission enforcement for low-privilege users, the same underlying class of flaw that led to the AI token exposure in this case.
How the Vulnerability Was Fixed
The vulnerability affects all versions of All in One SEO up to and including 4.9.2. It was addressed in version 4.9.3, whose security update the plugin developers describe in the official plugin changelog as: “Hardened API routes to prevent AI access token from being exposed.” That change corresponds directly to the REST API flaw identified by Wordfence.
What Site Owners Should Do
Anyone running All in One SEO should update to version 4.9.3 or newer as soon as possible. Sites that allow multiple external contributors are especially exposed since low-privilege accounts could access the site’s AI token on vulnerable versions.
Conclusion
The security vulnerability in the All in One SEO WordPress plugin poses a significant risk to websites using this plugin, especially those with multiple contributors. It highlights the importance of keeping plugins up to date and the need for robust security practices to protect against potential exploits. By understanding the nature of this vulnerability and taking prompt action, site owners can safeguard their websites and prevent unauthorized access to their AI features.

